The Chief Information Security Officer (CISO) at PAPAYA is responsible for protecting the company's digital infrastructure, data, and internal systems from cyber threats.  Key responsibilities include developing and overseeing security frameworks, monitoring real-time traffic for anomalies, leading risk assessments, ensuring compliance with data protection laws (GDPR, CCPA), overseeing identity and access management, implementing application security best practices (OWASP Top 10), managing security operations (SOC, SIEM), leading incident response, educating employees on cybersecurity, and collaborating with legal and compliance teams.  The role requires expertise in cloud security, real-time threat detection, and regulatory compliance.

<p>We bring more fun challenges into this world. Our game-changing, skill-based tournaments are just the start.</p>

PAPAYA

Head of Product

Talent Marketing Specialist

SW Infrastructure Team Lead

Software Team Lead

UA Creative Strategist

Chief Information Security Officer

Business Analytics Team Lead

DevOps Engineer

FB Moderation & Community Specialist

QA Support

<div class="col-lg-6 col-md-12 col-sm-12 positionInfo">
                            
                        </div> <div class="col-lg-6 col-md-12 col-sm-12 positionInfo">
                            <div class="row" ng-repeat="field in position.customFields.details | filter : field.value | orderBy : 'order' track by $index" ng-if="(legacyDesign || !isDescriptionField(field)) &amp;&amp; field.value">
                                <div class="col-lg-12 col-md-12 col-sm-12">
                                    <h3 class="smallTitle positionSubTitle brandColoredText" style="color: #3F455B !important;">Description</h3>
                                    <div class="userDesignedContent company-description" ng-bind-html="field.value" rtl-direction-html="field.value"><p><strong>Chief Information Security Officer (CISO)</strong></p><p>As the <strong>Chief Information Security Officer (CISO)</strong> at <strong>PAPAYA</strong>, you will be responsible for protecting the company’s digital infrastructure, data, and internal systems from cyber threats. You will develop and implement security strategies to ensure compliance, safeguard intellectual property, and mitigate cybersecurity risks. This role requires expertise in cloud security, real-time threat detection, and regulatory compliance to support a seamless and secure operational environment.</p><p><br></p></div>
                                </div>
                            </div><div class="row" ng-repeat="field in position.customFields.details | filter : field.value | orderBy : 'order' track by $index" ng-if="(legacyDesign || !isDescriptionField(field)) &amp;&amp; field.value">
                                <div class="col-lg-12 col-md-12 col-sm-12">
                                    <h3 class="smallTitle positionSubTitle brandColoredText" style="color: #3F455B !important;">Responsibilities</h3>
                                    <div class="userDesignedContent company-description" ng-bind-html="field.value" rtl-direction-html="field.value"><p><strong>Key Responsibilities:</strong></p><p><strong>Security &amp; Risk Management</strong></p><ul><li>Develop and oversee security frameworks for enterprise infrastructure, including cloud environments and critical systems.</li><li>Monitor real-time traffic and system logs to detect anomalies and mitigate security risks.</li><li>Lead risk assessment initiatives to identify vulnerabilities and implement mitigation strategies.</li></ul><p><strong>Data Protection &amp; Compliance</strong></p><ul><li>Ensure compliance with global data protection laws (e.g., GDPR, CCPA) and industry regulations.</li><li>Lead security and privacy initiatives to protect user accounts, payment information, and sensitive data.</li><li>Oversee identity and access management (IAM) solutions to prevent unauthorized access to critical systems and applications.</li></ul><p><strong>Application Security &amp; Secure Development</strong></p><ul><li>Implement and enforce <strong>application security best practices</strong>, focusing on <strong>OWASP Top 10 vulnerabilities</strong> and secure coding.</li><li>Ensure <strong>secure mobile application development</strong> by integrating security controls into mobile app lifecycles.</li><li>Oversee <strong>Web Application Firewall (WAF) solutions</strong> to protect against web-based threats.</li><li>Work with engineering teams to implement <strong>DevSecOps</strong> and security automation across development pipelines.</li><li>Oversee penetration testing, bug bounty programs, and vulnerability management for applications and APIs.</li></ul><p><strong>Cyber Threat Intelligence &amp; Incident Response</strong></p><ul><li>Establish and manage security operations (SOC), SIEM, and threat detection for real-time response to cyber threats.</li><li>Lead <strong>forensic investigations</strong> and incident response for cyberattacks affecting enterprise infrastructure.</li><li>Stay ahead of emerging threats, including hacking techniques, ransomware, and credential stuffing attacks.</li></ul><p><strong>Security Awareness &amp; Collaboration</strong></p><ul><li>Educate employees and stakeholders on cybersecurity best practices.</li><li>Work closely with legal, compliance, and risk teams to align security policies with business goals.</li><li>Manage relationships with third-party security vendors and technology partners.</li></ul><p><strong>Policies &amp; Compliance</strong></p><ul><li><strong>Develop &amp; Maintain Security Policies</strong> – Create and enforce cybersecurity policies aligned with ISO 27001, NIST, GDPR, and industry standards.</li><li><strong>Ensure Regulatory Compliance</strong> – Oversee adherence to compliance frameworks (SOC 2, PCI-DSS, ISO27001, and ISO27701) and conduct security audits.</li><li><strong>Risk &amp; Incident Management</strong> – Implement risk assessment strategies and incident response plans to mitigate security threats.</li><li><strong>Governance &amp; Reporting</strong> – Provide security insights to leadership, track KPIs, and ensure business alignment with security objectives.</li></ul><p><strong>Nice to Have:</strong></p><ul><li>Experience in <strong>fraud detection and prevention</strong>, including unauthorized access mitigation and financial fraud protection.</li><li>Strong knowledge of payment security, identity verification, and fraud analytics.</li></ul><p><br></p></div>
                                </div>
                            </div><div class="row" ng-repeat="field in position.customFields.details | filter : field.value | orderBy : 'order' track by $index" ng-if="(legacyDesign || !isDescriptionField(field)) &amp;&amp; field.value">
                                <div class="col-lg-12 col-md-12 col-sm-12">
                                    <h3 class="smallTitle positionSubTitle brandColoredText" style="color: #3F455B !important;">Requirements</h3>
                                    <div class="userDesignedContent company-description" ng-bind-html="field.value" rtl-direction-html="field.value"><p><br></p><p><strong>Qualifications &amp; Experience:</strong></p><ul><li><strong>B.Sc. degree in Computer Science, Software Engineering, or a related field.</strong></li><li>10+ years of experience in cybersecurity, with at least 5 years in a leadership role.</li><li>Expertise in <strong>application security</strong>, including <strong>OWASP Top 10</strong>, <strong>secure mobile application development</strong>, and <strong>WAF implementation</strong>.</li><li>Strong knowledge of <strong>identity security</strong>, <strong>cloud security</strong>, and <strong>enterprise risk management</strong>.</li><li>Experience securing <strong>cloud-based services</strong> and large-scale enterprise environments.</li><li>Familiarity with <strong>SOC 2, ISO 27001, GDPR</strong>, and industry compliance standards.</li><li>Familiarity with working with the following security tools:</li><li><strong>CSPM</strong> (Cloud Security Posture Management)</li><li><strong>VPNs</strong></li><li><strong>Firewalls</strong></li><li><strong>XDR</strong> (Extended Detection &amp; Response)</li><li><strong>Mail protection tools</strong></li><li>Other security solutions for endpoint protection, threat intelligence, and monitoring.</li><li>Industry certifications preferred (<strong>CISSP, CISM, OSCP, GIAC, AWS Security</strong>).</li></ul><p><br></p></div>
                                </div>
                            </div>
                        </div>