1001 Remote Jobs
Свежие вакансии удаленной работы
Сегодня: 17-Jul-2026 00:14 GMT
Просмотр вакансии
Подробный просмотр вакансии (вы будете перенаправлены на сторонний веб-сайт)
Название вакансии: Chief Information Security Officer
Кто разместил: Внешняя вакансия с jobs.dou.ua
Опубликована: 01-Jun-2026 15:01 GMT
Компания: TODA Pay
Описание: TodaPay is an international fintech company operating in the digital payments and financial infrastructure space across multiple jurisdictions. We support high-growth payment operations with multi-currency transactions, crypto payments, and complex corporate structures.
We are looking for a detail-oriented and proactive Accountant to join our Finance team and support core accounting operations, financial reporting, payroll processing, and coordination with external accountants and auditors across jurisdictions.

The Chief Information Security Officer (CISO) is the C-suite executive accountable for
information security, cyber resilience, and corporate IT operations across the group. Operating
in a regulated, multi-jurisdictional PSP and fintech environment spanning card acquiring &
gateway, card issuing / BaaS, and crypto / Web3 payment rails, the CISO defines and executes
the enterprise security strategy, safeguards cardholder data, customer funds, private keys, and
proprietary platforms, and ensures continuous compliance with PCI DSS, PSD2/SCA, GDPR,
DORA, NIS2, MiCA, SOC 2, ISO 27001, FCA/EBA expectations, and equivalent requirements in
other operating jurisdictions. In addition to leading security, the CISO owns corporate IT
— internal infrastructure, endpoints, identity, productivity tooling, and IT service delivery -and
drives its modernization in lockstep with business growth.

Key Responsibilities:

Security Strategy & Governance
• Define, own, and execute the multi-year information security and cyber resilience
strategy aligned with business growth, product roadmap, and regulatory obligations.
• Establish and maintain the Information Security Management System (ISMS) based on
ISO 27001, NIST CSF, and PCI DSS control frameworks.
• Report security posture, risks, incidents, and investment needs to the CEO, Executive
Committee, and Board on a regular cadence.
• Set and enforce enterprise security policies, standards, and acceptable use across all
business units.

Regulatory Compliance & Risk Management
• Maintain continuous compliance with PCI DSS Level 1, PSD2/SCA, GDPR, DORA,
NIS2, MiCA (for crypto activity), SOC 1/SOC 2 Type II, ISO 27001/27017/27018, and
EBA/FCA guidelines, plus equivalent obligations in other operating jurisdictions.
• Own the security risk register, third-party / vendor risk program, and risk treatment plans;
ensure alignment with enterprise risk management and the CRO.
• Lead external and internal audits, QSA assessments, penetration tests, and regulatory
examinations; remediate findings within agreed timelines.
• Oversee data protection program in coordination with the DPO, including DPIAs, data
residency, cross-border transfers, and breach notification procedures.

Cybersecurity Operations & Engineering
• Operate a 24/7 Security Operations Center (SOC) covering threat detection, monitoring,
incident response, digital forensics, and threat intelligence across acquiring, issuing, and
crypto rails.
• Lead the response to security incidents, payment fraud events, account-takeover, and
data breaches; act as the primary executive interface with regulators (FCA, EBA,
national CAs), card schemes, acquirers, and law enforcement during incidents.
• Mature vulnerability management, red/purple teaming, and threat hunting across multi-
cloud (AWS/GCP/Azure), Kubernetes, on-prem, PCI cardholder data environments
(CDE), and crypto custody/HSM enclaves.
• Drive Zero Trust architecture, network segmentation, cryptography/HSM/key
management, tokenization, secrets management, and secure key ceremonies for crypto
custody.
Cloud, DevSecOps & Product Security
• Embed Security-by-Design and Privacy-by-Design across the SDLC for payment
gateways, issuing platforms, APIs, mobile/web apps, merchant/partner portals, and
crypto wallets.
• Own a modern DevSecOps toolchain: SAST, DAST, SCA, secrets scanning, IaC
scanning, container & K8s posture (CSPM/KSPM), and policy-as-code in CI/CD.
• Operate a cloud security program across AWS/GCP/Azure: landing zones, guardrails,
workload identity, CNAPP, runtime protection, and continuous compliance.
• Partner with Engineering and Product to secure new payment products, BaaS/issuing
APIs, open banking integrations, crypto on/off-ramp and custody, and AI/ML use cases.
• Champion fraud and financial-crime prevention with Risk, Fraud, and AML −3DS2,
device fingerprinting, behavioral biometrics, transaction monitoring, sanctions screening,
and Travel Rule for crypto flows.

Identity, Access & Insider Risk
• Own enterprise identity (SSO, MFA, PAM, IGA), least-privilege enforcement,
joiner/mover/leaver processes, and privileged access to production and payment
systems.
• Run an insider risk and data loss prevention (DLP) program covering cardholder data,
PII, and sensitive financial information.
Business Continuity & Cyber Resilience
• Own cyber-resilience, DR, and business continuity planning for critical payment
processing services, ensuring RTO/RPO meet regulatory and scheme requirements.
• Run regular tabletop exercises, ransomware simulations, and crisis-management drills
with executive participation.

Corporate IT Management & Modernization (Additional Responsibility)
• Own end-to-end Corporate IT: infrastructure, networking, end-user computing,
collaboration suites ( Google Workspace), SaaS administration, telephony, and meeting
rooms across all offices and a globally distributed remote workforce.
• Drive the Corporate IT modernization roadmap: cloud-first, SaaS-first, MDM/UEM,
passwordless identity and convergence of corporate networking.
• Own IT asset and SaaS lifecycle management, software licensing, spend optimization
(FinOps for SaaS), and IT vendor / contract management.
• Ensure secure, automated onboarding/offboarding for employees and contractors,
including device provisioning, access entitlements (joiner/mover/leaver), and data
recovery.
• Manage the Corporate IT budget, capacity planning, and operational efficiency; align
corporate IT controls with security, privacy, and regulatory requirements (incl. DORA ICT
scope).
• Support M&A integration of acquired entities’ IT estates -consolidating identity,
endpoints, SaaS, and networking into the group standard.

People, Culture & Awareness
• Build, mentor, and retain a high-performing security and IT organization; define career
paths, hiring plans, and succession.
• Run enterprise-wide security awareness, phishing simulations, and role-based training
for engineers, operations, and customer-facing teams.
• Foster a strong security and service culture that treats security as a business enabler,
not a blocker.

Budget & Vendor Management
• Own consolidated Security + Corporate IT budget (capex and opex); optimize spend
across tooling, services, and headcount.
• Manage strategic relationships with security vendors, MSSPs, cloud providers, QSAs,
auditors, and IT service partners.

Requirements:
• 7+ years in information security, with 5+ years in a CISO, Deputy CISO, or equivalent C-
suite role inside a PSP, acquirer, issuer/BaaS provider, card network, EMI, bank, or
regulated fintech operating in EU or US.
• Demonstrated hands-on accountability for PCI DSS Level 1 (RoC), PSD2/SCA, GDPR,
SOC 2 Type II, ISO 27001 programs; working knowledge of DORA, NIS2, and MiCA.
• Proven experience leading security across acquiring/gateway and card issuing or BaaS
stacks; familiarity with crypto / Web3 payment rails and custody is required.
• Deep technical fluency in cloud security (AWS/GCP/Azure), Kubernetes, API security,
DevSecOps toolchains, cryptography, HSM/KMS, tokenization, and Zero Trust.
• Track record of leading 24/7 SOC and incident response for material cyber, fraud, and
payment incidents -including regulator, card-scheme, and partner-bank communications.
• Direct accountability for corporate IT operations at scale (service desk, endpoint, M365 /
Google Workspace, identity, networking) and for leading an IT modernization program.
• Strong partnership track record with Fraud, AML, and Financial Crime teams -including
transaction monitoring, sanctions, and Travel Rule implementation.
• Experience reporting to Boards, Risk & Audit Committees, regulators, and external
auditors.
• Relevant certifications: CISSP, CISM, CISA, CRISC, CCSP, or equivalent.

Nice to Have:
• Experience with issuing/processing platforms (e.g., Marqeta, Galileo, Paymentology, in-
house BIN-sponsored issuing) and acquiring stacks.
• Hands-on familiarity with crypto custody (MPC / HSM), stablecoin rails, on/off-ramp
flows, and Travel Rule tooling (e.g., TRP, Notabene, Sumsub).
• Open Banking, embedded finance, and BaaS exposure.
• Experience scaling security and IT through rapid headcount growth, geographic
expansion, and M&A integration.

We offer:
• Opportunity to work in a fast-growing international fintech company
• Professional growth opportunities alongside with company
• 24 paid vacation days per year and 5 paid sick leave days per year
• 10 Public holidays days
• An opportunity to work full remote or hybrid flexibility
• Collaborative and friendly team
• Professional education budget after 6 months working in the company
• Birthday gift bonus for all our employees

Відгукнутись на вакансію
Job ID: 172512
Требуемые навыки: Cloud
Зарплата:
Регион: Варшава (Польща), віддалено
Подробный просмотр вакансии (вы будете перенаправлены на сторонний веб-сайт)
Новые вакансии / Все вакансии
Вакансия Компания Открыта
Архитектор-чертежник (ArchiCad) дизайн интерьеров
Зарплата: от 110 000 руб.
Регион: Москва
SL.Architects 16-Jul-2026
21:57 GMT
Revenue-менеджер
Зарплата: от 30 000 до 100 000 руб.
Регион: Москва
Ревьеро 16-Jul-2026
21:46 GMT
Revenue-менеджер
Зарплата: от 30 000 до 100 000 руб.
Регион: Ростов-на-Дону
Ревьеро 16-Jul-2026
21:46 GMT
Младший менеджер по работе с маркетплейсом Wildberries
Зарплата: до 50 000 руб.
Регион: Ижевск
Ходжиев Бобобек Махмадшарифович 16-Jul-2026
21:45 GMT
Товаровед
Зарплата: от 80 000 до 80 000 руб.
Регион: Петропавловск-Камчатский
Авачинское 16-Jul-2026
21:35 GMT
Data Scientist
Зарплата: от 70 000 до 130 000 руб.
Регион: Ростов-на-Дону
Ревьеро 16-Jul-2026
21:20 GMT
Менеджер по продажам в онлайн-школу психологии отношений
Зарплата: от 150 000 до 350 000 руб.
Регион: Москва
Сапронов Денис Андреевич 16-Jul-2026
21:08 GMT
Помощник арбитражного управляющего/юрист по банкротству
Зарплата: до 95 000 руб.
Регион: Санкт-Петербург
Арбитражный Управляющий Лаптова Ирина Сергеевна 16-Jul-2026
20:56 GMT
Продакт-менеджер (В2С, услуги, международные рынки)
Зарплата: от 200 000 руб.
Регион: Москва
Глебовская Екатерина Александровна 16-Jul-2026
20:53 GMT
Менеджер по продажам в переписках/Менеджер по работе с клиентами
Зарплата: от 40 000 до 100 000 руб.
Регион: Нижний Новгород
Создатели Команды
(ИП Калинина Алёна Сергеевна)
16-Jul-2026
20:49 GMT
Оператор входящей линии(с ночной сменой)
Зарплата: от 50 000 до 65 000 руб.
Регион: Санкт-Петербург
ВЕС-Медиа 16-Jul-2026
20:45 GMT
Разработчик Node.js
Регион: Москва
StormWall™ 16-Jul-2026
20:44 GMT
Специалист службы технической поддержки
Зарплата: от 55 000 до 65 000 руб.
Регион: Краснодар
Гуднэт 16-Jul-2026
20:43 GMT
Senior Java Engineer (monoмаркет)
Навыки: Java
Регион: віддалено
mono 16-Jul-2026
17:16 GMT
Архитектор 1С
Зарплата: от 260 000 до 300 000 руб.
Top Selection 16-Jul-2026
17:14 GMT
Все вакансии
Удаленные вакансии по навыкам ...
Удаленные вакансии 'android'
Удаленные вакансии 'angular'
Удаленные вакансии 'ajax'
Удаленные вакансии 'aspnet'
Удаленные вакансии 'backend'
Удаленные вакансии 'bigdata'
Удаленные вакансии 'cloud'
Удаленные вакансии 'cms'
Удаленные вакансии 'cpp'
Удаленные вакансии 'csharp'
Удаленные вакансии 'css'
Удаленные вакансии 'devops'
Удаленные вакансии 'drupal'
Удаленные вакансии 'excel'
Удаленные вакансии 'frontend'
Удаленные вакансии 'fullstack'
Удаленные вакансии 'html'
Удаленные вакансии 'java'
Удаленные вакансии 'javascript'
Удаленные вакансии 'joomla'
Удаленные вакансии 'iphone'
Удаленные вакансии 'linux'
Удаленные вакансии 'mysql'
Удаленные вакансии 'php'
Удаленные вакансии 'python'
Удаленные вакансии 'qa'
Удаленные вакансии 'ruby'
Удаленные вакансии 'seo'
Удаленные вакансии 'sql'
Удаленные вакансии 'sysadm'
Удаленные вакансии 'vbnet'
Удаленные вакансии 'xml'
Удаленные вакансии 'wordpress'
Читать RSS-ленты ... Новое!
Лента вакансий для 'android'
Лента вакансий для 'angular'
Лента вакансий для 'ajax'
Лента вакансий для 'aspnet'
Лента вакансий для 'backend'
Лента вакансий для 'bigdata'
Лента вакансий для 'cloud'
Лента вакансий для 'cms'
Лента вакансий для 'cpp'
Лента вакансий для 'csharp'
Лента вакансий для 'css'
Лента вакансий для 'devops'
Лента вакансий для 'drupal'
Лента вакансий для 'excel'
Лента вакансий для 'frontend'
Лента вакансий для 'fullstack'
Лента вакансий для 'html'
Лента вакансий для 'java'
Лента вакансий для 'javascript'
Лента вакансий для 'joomla'
Лента вакансий для 'iphone'
Лента вакансий для 'linux'
Лента вакансий для 'mysql'
Лента вакансий для 'php'
Лента вакансий для 'python'
Лента вакансий для 'qa'
Лента вакансий для 'ruby'
Лента вакансий для 'seo'
Лента вакансий для 'sql'
Лента вакансий для 'sysadm'
Лента вакансий для 'vbnet'
Лента вакансий для 'xml'
Лента вакансий для 'wordpress'
Новое!
Jobs in English
Короткий URL:
1001rejo.ru
Мобильная версия:
m.1001remotejobs.ru
Copyright © 2020-2022 1001 Remote Jobs