Position summary

The Information Security Specialist will be responsible for developing, implementing, and managing our information security program. This role involves identifying and mitigating security risks, ensuring compliance with relevant regulations, and leading security initiatives to safeguard our systems and data.

Key responsibilities

• Develop and implement information security policies, standards, and procedures.
• Conduct security risk assessments and recommend mitigation strategies.
• Manage security incidents, including detection, response, and post-incident analysis.
• Oversee the implementation and maintenance of security technologies and controls.
• Ensure compliance with relevant information security frameworks and regulations (e.g., ISO 27001, GDPR).
• Provide security awareness training to employees.
• Stay up-to-date with the latest security threats, trends, and technologies.
• Collaborate with development and other teams to integrate security requirements into business processes.
• Manage security audits and assessments.

Qualifications

• Bachelor's degree or higher in Computer Science, Information Technology, Cybersecurity, or a related field.
• Strong knowledge of information security principles, frameworks (e.g., ISO 27001), and best practices.
• Experience with security technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, and endpoint protection.
• Familiarity with regulatory compliance requirements (e.g., GDPR, PCI DSS).
• Excellent analytical, problem-solving, and communication skills.
• Effective verbal and written communication skills in English and Mongolian.

Preferred qualifications

• Experience in implementing ISO 27001. Internal or lead auditor certification is a significant advantage.
• Familiarity with personal data protection frameworks (e.g., GDPR, ISO 27701).
• Experience in the fintech environment.
• Experience with cloud security (AWS, Microsoft Azure).