CISO

Chief Information Security Officer (CISO)

As the Chief Information Security Officer (CISO) at PAPAYA, you will be responsible for protecting the company’s digital infrastructure, data, and internal systems from cyber threats. You will develop and implement security strategies to ensure compliance, safeguard intellectual property, and mitigate cybersecurity risks. This role requires expertise in cloud security, real-time threat detection, and regulatory compliance to support a seamless and secure operational environment.

Key Responsibilities:

Security & Risk Management

• Develop and oversee security frameworks for enterprise infrastructure, including cloud environments and critical systems.
• Monitor real-time traffic and system logs to detect anomalies and mitigate security risks.
• Lead risk assessment initiatives to identify vulnerabilities and implement mitigation strategies.

Data Protection & Compliance

• Ensure compliance with global data protection laws (e.g., GDPR, CCPA) and industry regulations.
• Lead security and privacy initiatives to protect user accounts, payment information, and sensitive data.
• Oversee identity and access management (IAM) solutions to prevent unauthorized access to critical systems and applications.

Application Security & Secure Development

• Implement and enforce application security best practices, focusing on OWASP Top 10 vulnerabilities and secure coding.
• Ensure secure mobile application development by integrating security controls into mobile app lifecycles.
• Oversee Web Application Firewall (WAF) solutions to protect against web-based threats.
• Work with engineering teams to implement DevSecOps and security automation across development pipelines.
• Oversee penetration testing, bug bounty programs, and vulnerability management for applications and APIs.

Cyber Threat Intelligence & Incident Response

• Establish and manage security operations (SOC), SIEM, and threat detection for real-time response to cyber threats.
• Lead forensic investigations and incident response for cyberattacks affecting enterprise infrastructure.
• Stay ahead of emerging threats, including hacking techniques, ransomware, and credential stuffing attacks.

Security Awareness & Collaboration

• Educate employees and stakeholders on cybersecurity best practices.
• Work closely with legal, compliance, and risk teams to align security policies with business goals.
• Manage relationships with third-party security vendors and technology partners.

Policies & Compliance

• Develop & Maintain Security Policies – Create and enforce cybersecurity policies aligned with ISO 27001, NIST, GDPR, and industry standards.
• Ensure Regulatory Compliance – Oversee adherence to compliance frameworks (SOC 2, PCI-DSS, ISO27001, and ISO27701) and conduct security audits.
• Risk & Incident Management – Implement risk assessment strategies and incident response plans to mitigate security threats.
• Governance & Reporting – Provide security insights to leadership, track KPIs, and ensure business alignment with security objectives.

Nice to Have:

• Experience in fraud detection and prevention, including unauthorized access mitigation and financial fraud protection.
• Strong knowledge of payment security, identity verification, and fraud analytics.

Qualifications & Experience:

• B.Sc. degree in Computer Science, Software Engineering, or a related field.
• 10+ years of experience in cybersecurity, with at least 5 years in a leadership role.
• Expertise in application security, including OWASP Top 10, secure mobile application development, and WAF implementation.
• Strong knowledge of identity security, cloud security, and enterprise risk management.
• Experience securing cloud-based services and large-scale enterprise environments.
• Familiarity with SOC 2, ISO 27001, GDPR, and industry compliance standards.
• Familiarity with working with the following security tools:
• CSPM (Cloud Security Posture Management)
• VPNs
• Firewalls
• XDR (Extended Detection & Response)
• Mail protection tools
• Other security solutions for endpoint protection, threat intelligence, and monitoring.
• Industry certifications preferred (CISSP, CISM, OSCP, GIAC, AWS Security).