Information Technology Security Officer

About DecisionLogic:

Headquartered in San Diego, DecisionLogic is a leading FinTech company providing a suite of integrated financial asset verification and credit scoring solutions across major financing verticals. In the last eleven years, our SaaS platform has served more than seventy million consumers and over two thousand clients around the world. We are currently expanding into a wide variety of new markets with an aggressive growth plan that includes exciting new product development and feature releases. We are proud to offer the opportunity to join a dynamic team with a company that is stable and growing.

Summary

The Information Security Officer role operates under limited supervision and reports to the CTO/CEO. This position organizes the monitoring of IT security systems and services as per company policies and procedures, provides detailed reports to management, implements effective cybersecurity practices for the company while minimizing cybersecurity risks, systems downtime, and data loss. This role will regularly and proactively coordinate updated initiatives for existing technologies to minimize disruptions and avoid security contingencies. This role is the internal champion for information security and compliance, and responsible for staff training and, in many cases, client training. This person will also manage all external communication regarding information security compliance with special emphasis on PCI-DSS, FCRA, GDPR, GLBA and all FinTech SaaS security controls that are relevant in the countries around the world where DecisionLogic services are used.

Essential Functions

Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. Conducting a continuous assessment of current IT security practices and systems, identifying areas for improvement, and making actionable recommendations for optimization.
2. Review daily security logs and dashboards to identify, report and remedy vulnerabilities.
3. Monitor firewalls, anti-virus software, intrusion detection systems, etc. in conjunction with the Systems Administrator.
4. Perform vulnerability testing, risk analyses and security assessments.
5. Oversee and monitor routine security administration.
6. Respond immediately to security threats and/or incidences including outside of business hours to defend systems against unauthorized access, modifications, or destruction.
7. Maintain strict confidentiality of all sensitive information.
8. Monitor, detect, analyze, and investigate threat activity for clients.
9. Manage the company's compliance with PCI-DSS, FCRA, GDPR, GLBA, CCPA and other security controls.
10. Perform duties as Data Protection Officer for international regulation requirements.
11. Execute all assigned requests for security audits and due diligence questionnaires from clients and partners.
12. Champion and educate the organization about the latest security strategies and technologies including through KnowBe4.
13. Coordinate with IT, Development, and end users to minimize disruptions and protect assets.
14. Work with the CTO, Director of IT, and necessary executives to support all vendors, software and systems that implement various IT Security controls.
15. Creating business continuity plans and impact analysis.
16. Conducting policy and compliance audits, which will include liaising with internal and external auditors.
17. Serve is SME for security and compliance during the Product Development process.
18. Provide detailed and contextual weekly reporting to ensure security and compliance priorities and business impact is clearly understood by Executive Team and business unit leads.
19. Support new hire onboarding and employee offboarding as needed to maintain security and compliance best practices.
20. With the assistance of the IT Ops Team, develop plans to address typical office/administrative technical issues and oversee the implementation of solutions to provide staff with an enjoyable and productive working environment.
21. Serve as the day-to-day POC for CPI Solutions; direct them accordingly and report on their efficacy.
22. Write comprehensive reports including assessment-based findings, outcomes, and proposals for further security enhancements.

Competencies

• Solid understanding of the organization's goals and objectives
• Exceptional written and oral communication skills
• Experience working collaboratively within a team-oriented environment
• Exceptional customer service orientation
• Attention to detail
• Working knowledge of a range of diagnostic utilities
• Proven analytical and problem-solving abilities
• Ability to absorb and retain information quickly
• Ability to present information in a user-friendly language
• Highly self-motived and self-directed
• Executes duties with a sense of urgency and ownership
• Ability to stay up to date on relevant technologies and industry trends
• Solid planning and organizational skills
• Ability to perform public presentations

Compensation:

Salary ranges from 65,000-85,000 a year, depending on experience

Required Education and Experience:

1. 3-5 years of experience in Information Systems and/or IT Security.
2. Bachelor's degree from an accredited college with degree in Computer Science, Cyber Security, or related field of study.
3. Experience understanding threats, ability to translate threats, and intelligence gathering.
4. Experience in IDS/IPS, penetration and vulnerability testing.
5. Knowledge of DLP, anti-virus and anti-malware.
6. Experience with secure coding practices, ethical hacking and threat modeling.
7. Familiar with ISO 27001/27002, NIST, and PCI-DSS.
8. Well versed in GLBA, FCRA, and other relevant compliance regulations.

Hours and Location

This is a full-time position. Days and hours of work are Monday through Friday, 7:30 a.m. to 4:30 p.m. Hybrid schedule available. Work outside of normal business hours may be required.

Benefits and Perks:

• Medical, dental, vision, and life insurance
• 401K benefits with employer match
• Paid vacation, paid holidays, and paid sick time
• Beverages in break rooms
• Casual work environment
• Personal & professional development opportunities
• Full-service gym available to all employees

Additional:

Qualified candidates must be legally authorized to be employed in the United States.

DecisionLogic does not anticipate providing sponsorship for employment visa status for this employment position.

Due to the confidential nature of the information processed by the company we require extensive general and criminal background checks on all staff.

Please check out our web site at http://www.decisionlogic.com. DecisionLogic is an Equal Opportunity Employer