Chief Security Officer (CSO) в A startup software development company (Payment Platform Provider)

Company field: Startup software development company (Payment Platform Provider) Location: Remote, On-site Audits in EU Job Type: Full-Time Income: from 5000$ net (depending on Candidate's expectations and skills) Send your CV: TG @OksiKem Responsibilities: 1. Overall Security Oversight: Ensure that the organization’s security practices and policies comply with PCI DSS requirements. 2. PCI DSS Compliance Leadership: Lead the PCI DSS compliance audit and ensure all relevant stakeholders are informed and involved. 3. Security Policy Development and Maintenance: Develop, implement, and maintain security policies that meet PCI DSS requirements. 4. Incident Response and Management: Develop and manage an incident response plan in compliance with PCI DSS. 5. Vulnerability Management: Conduct regular vulnerability scans and penetration tests. 6. Security Awareness Training: Ensure that all employees receive regular training on PCI DSS and security best practices. 7. Third-Party Vendor Management: Ensure that third-party service providers comply with PCI DSS requirements. 8. Audit and Assessment Coordination: Coordinate internal and external PCI DSS audits and assessments. 9. Documentation and Reporting: Maintain thorough documentation of all security policies, procedures, and compliance activities. Actions: 1. Regularly review and update security policies to align with PCI DSS standards. Oversee the implementation of security measures across the organization. 2. Conduct regular risk assessments, develop risk mitigation strategies, and ensure that all risk management activities align with PCI DSS requirements. 3. Ensure policies cover all aspects of data security, including data protection, access control, encryption, and incident response. 4. Establish and maintain an incident response team, conduct regular incident response training, and ensure prompt and effective response to security breaches. 5. Regularly test and monitor network security. 6. Regularly review encryption practices. 7. Develop and deliver security awareness programs, conduct regular training sessions, and ensure that employees understand their role in maintaining compliance. 8. Conduct due diligence, perform regular audits of third-party vendors, and ensure contractual agreements include PCI DSS compliance clauses. 9. Work with Qualified Security Assessors (QSAs), prepare necessary documentation, and ensure timely completion of assessments. 10. Ensure that all required documentation is up-to-date, accurate, and readily available for audits and assessments. Qualifications: • Proven experience as a Chief Security Officer or similar role. • Extensive knowledge of PCI DSS requirements and compliance. • Strong understanding of security protocols, cryptography, and risk management. • Excellent leadership, communication, and organizational skills. • Ability to balance security requirements with business operations. • Experience in a software development environment is preferred. • Relevant certifications such as CISSP, CISM, or CISA are a plus. • English fluent, Russian Native