Head, Information Security

Multigate is a financial services platform company that provides institutions with access to safe and secure

treasury and liquidity management systems. Founded in 2017, Multigate is focused on providing simplified

solutions that unravel the complex payment and cash management challenges encountered by enterprise

corporates in emerging markets.

Multigate seeks to hire a highly skilled and motivated Information Security Manager to lead our organization’s

information security and business continuity initiatives. The ideal candidate will have extensive experience

implementing and managing compliance frameworks, specifically ISO 27001, ISO 22301, PCI DSS, and

SWIFT security requirements as outlined in the SWIFT Provider Security Programme (CSP). Additionally, this

role requires strong knowledge of cloud security, particularly with Microsoft Azure, network integrations with

third parties, endpoint security, and data privacy regulations. This role is critical in ensuring the security of our

information assets, maintaining business continuity, and achieving regulatory compliance.

Duties/Responsibilities

• ● Information Security Program Management:

• Develop, implement, and maintain the organization's information security management system (ISMS) in line with ISO 27001 standards.
• Establish and oversee information security policies, procedures, and controls to protect organizational assets.

● Business Continuity Management:

• Design, implement, and manage the organization’s Business Continuity Management System (BCMS) in accordance with ISO 22301.
• Conduct business impact analyses (BIA) and risk assessments to identify critical business functions and develop appropriate recovery strategies.

● PCI DSS Compliance:

• Ensure compliance with PCI DSS requirements for handling payment card data securely.
• Oversee annual assessments, vulnerability scans, and remediation plans related to PCI DSS compliance.

● SWIFT Security Compliance:

• Implement and manage compliance with the SWIFT Security Controls Framework (SCF) and the Payment Services Provider (PSP) guidelines.
• Ensure the organization meets all mandatory and advisory SWIFT security controls.
• Oversee SWIFT-related security assessments, attestations, and remediation plans to address identified vulnerabilities.

● Application and Technology Product Security:

• Work with development teams to integrate security throughout the software development lifecycle (SDLC).
• Conduct regular security reviews, penetration testing, and vulnerability assessments of applications and technology products.
• Ensure secure coding practices and compliance with relevant standards for application security( e.g., OWASP Top 10).

● Cloud Security Management:

• Design and enforce cloud security best practices, with a focus on Microsoft Azure.
• Implement security measures to protect data and applications hosted in the cloud.
• Conduct regular assessments of cloud infrastructure to ensure compliance with organizational and regulatory standards.

● Network Security and Integrations:

• Oversee and secure network integrations with third parties, ensuring data confidentiality, integrity, and availability.
• Implement robust network monitoring and access control measures to mitigate risks associated with third-party connections.

● Endpoint Security:

• Develop and manage endpoint security strategies to protect devices against malware, unauthorized access, and data breaches.
• Monitor and enforce compliance with endpoint security policies across all devices.

● Data Privacy and Regulatory Compliance:

• Ensure compliance with global data privacy regulations, including GDPR, NDPA, and other relevant standards.
• Implement data protection strategies to secure sensitive and personal information.
• Collaborate with legal and compliance teams to address regulatory requirements and audits.

● Incident Response:

• Develop and manage incident response plans to address security breaches, cyber threats, and disruptions.
• Coordinate with internal and external stakeholders during incident response and recovery activities.

● Audits and Certification:

• Plan and coordinate internal and external audits for ISO 27001, ISO 22301, PCI DSS, SWIFT PSP, and other relevant compliance frameworks.
• Address non-conformities and ensure successful completion of certification processes.

● Training and Awareness:

• Conduct security awareness and business continuity training for employees.
• Promote a culture of security and resilience across the organization.

● Collaboration and Reporting:

• Collaborate with all departments to align security initiatives with organizational goals.
• Provide regular reports on security and continuity status, compliance, and risks to senior management.

Requirements

• Bachelor’s degree in Computer Science, Information Security, or a related field (Master’s degree preferred).
• Minimum of 5 years of experience in information security management, including the implementation of
• ISO 27001, ISO 22301, PCI DSS, and SWIFT CSP.
• Proven expertise in cloud security, with a strong focus on Microsoft Azure.
• Hands-on experience with network security and third-party integrations.
• In-depth knowledge of endpoint security solutions and practices.
• Strong understanding of data privacy regulations, such as GDPR, NDPA.
• Professional certifications such as CISM, CISSP, Microsoft Certified: Azure Security Engineer Associate,
• AWS Certified Security Specialty, CRISC, or equivalent.
• Excellent communication, problem-solving, and project management skills.

Preferred Skill s

• Experience with security tools such as SIEM, vulnerability scanners, and endpoint protection.
• Familiarity with SaaS environments and related security challenges.
• Knowledge of additional regulatory frameworks and compliance standards.

Benefits

• Career development/Opportunities
• Office perks
• Working with amazing talents
• Role Autonomy