Stitch is a payments infrastructure company on a mission to make it easier for enterprise businesses to connect to the financial system and build better experiences for their customers.
We are expanding the team to enable Stitch to broaden our product offering and extend our geographical footprint.
The role: The Information Security Architect is responsible for developing, implementing, and overseeing Stitch's Information Security Management System (ISMS), risk management, and security-related certification programs or frameworks. This role is essential to ensuring Stitch adheres to certification requirements and internal policies, mitigates risks effectively, and maintains competitiveness in the evolving information security landscape. It is also crucial for ensuring the security and integrity of payment transactions and sensitive cardholder data across all digital platforms.
Key Responsibilities
- Guide and ensure compliance with card-based payment solutions and key management systems to protect transactions and CHD in accordance with PCI DSS and other security standards.
- Lead the implementation and maintenance of the ISMS in accordance with ISO 27001 and other adopted security-related standards.
- Conduct risk assessments to identify vulnerabilities and ensure appropriate risk mitigation strategies are in place within the ISMS framework.
- Conduct information security due diligence on third-party vendors and provide recommendations to management.
- Complete vendor risk assessments submitted by clients and prospective clients.
- Develop, update, and enforce policies and procedures to sustain compliance with ISO 27001, PCI and other relevant information security standards and practices.
- Coordinate and manage PCI, ISO 27001 and related audits, including internal and third-party assessments.
- Train and guide staff on information security practices and policies to foster a secure organisational culture.
- Monitor compliance with information security policies and procedures, reporting on performance against the standards to senior management.
- Act as the point of contact for information security compliance-related queries from stakeholders and regulatory bodies.
- Create technical documentation and security guidelines for internal use to assist compliance with regulatory requirements.
- Stay abreast of new trends and changes in security regulations and standards to ensure continuous improvement of the ISMS.

Requirements
- Bachelor's degree in Information Technology, Cybersecurity, or a related field.
- Relevant professional certifications (CISSP, CRISC, CISM, ISO 27001 Lead Auditor or Implementer) are strongly preferred.
- A minimum of 5 years' experience in information security management and compliance, focusing on ISO 27001 and PCI.
- In-depth knowledge of information security standards and frameworks, particularly ISO 27001, ISO 22301, ISO 27701, SOC 2, POPIA, PCI and GDPR.
- Proven track record of managing and running PCI and ISO 27001 audit programmes.
- Excellent analytical, problem-solving, and organisational skills.
- Strong interpersonal and communication skills with the ability to engage effectively with technical and non-technical stakeholders.