Information Security Specialist
  • Ukraine Lviv
  • EveryMatrix
1 year before
31.01.2024
Securely Provision
Risk Management
Job Description

Overview


EveryMatrix is a leading B2B provider delivering a modular and API-driven product suite, including a market-leading one-stop-shop casino content aggregator and integration platform, a cross-product bonusing engine, a fully managed sportsbook and sport data services, a stand-alone payment processing platform, and a multi-brand affiliate/agent management system.


We are seeking an experienced Information Security Specialist to join our security team. The ideal candidate will have a strong background in maintaining compliance with ISO 27001 and PCI DSS, as well as developing and implementing security policies and procedures, conducting risk assessments and security awareness training, and disaster recovery planning.


Responsibilities:

Maintain the organization's compliance with ISO 27001 and PCI DSS.
Prepare for and participate in external security audits.
Develop and implement information security policies and procedures.
Conduct risk assessments and threat analysis to identify potential security risks.
Participate in the development of disaster recovery and business continuity plans.
Conduct security awareness training and provide ongoing education to employees on information security practices and policies.
Participate in potential customers’ RFIs/RFPs.
Process employees’ reports on security and participate in security incident investigations.


Preferred qualifications:

Bachelor's degree in Computer Science, Information Security, or related field.
3 years of relevant work experience.
Working experience with security frameworks and standards such as ISO 27001, ISO 22301, PCI DSS, NIST CSF, etc.
Experience implementing security policies and procedures in a technically diverse environment.
Familiarity with security risk assessment methodologies and tools.
Strong understanding of information security technologies, concepts, and techniques.
Skilled at conveying ideas and connecting with others to effectively interact with stakeholders across the organization.
Advanced level of written and spoken English.


Nice to have:

Certifications like CISA, PCI Internal Security Assessor (ISA), ISO 27001 certifications (Lead Implementer, Lead Auditor, Internal Auditor), or related.
Experience working in a software development company.
Experience working in international environments.


Work-Life Balance:

Possibility of working remotely;
Paid leave days and two extra days per year for every year up to 5 years working with us;
100% covered 10 sick leave days per year (without a doctor’s note);
100% covered medical leave (with a doctor's note);
Sliding working schedule;
To support women candidates, we offer 21 weeks of maternity leave and 100% work from home until the child’s first birthday for mothers;
Men receive 4 weeks of paternity leave and can work from home until the child is 13 weeks old.


Benefits and Office perks:

Daily catered lunch or lunch allowance;
Private Medical insurance;
Gym membership;
Fresh fruits & snacks at the office;
Access to online learning platforms Udemy for Business and O’Reilly and budget for external training;
Massage at work;
In-house English courses;
Frequent free-bar parties, annual whole-company parties (have previously rented our own planes to get everyone together!);
Lounge & Fun area.


Required Knowledge
  • K0002   Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0004   Knowledge of cybersecurity and privacy principles.
  • K0005   Knowledge of cyber threats and vulnerabilities.
  • K0013   Knowledge of cyber defense and vulnerability assessment tools and their capabilities.
  • K0037   Knowledge of Security Assessment and Authorization process.
  • K0038   Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0054   Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.
  • K0261   Knowledge of Payment Card Industry (PCI) data security standards.
  • K0624   Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
  • K0202   Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
  • K0263   Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0214   Knowledge of the Risk Management Framework Assessment Methodology.
  • K0271   Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications).
  • K0272   Knowledge of network analysis tools used to identify software communications vulnerabilities.
  • K0087   Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.

Required Skills
  • S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

Required Abilities
  • A0033  Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
  • A0015  Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0023  Ability to design valid and reliable assessments.
  • A0092  Ability to identify/describe target vulnerability.
  • A0112  Ability to monitor advancements in information privacy technologies to ensure organizational adaptation and compliance.