Information Security Engineer

NowPay

Role Summary:

We are seeking a skilled and proactive Information Security Engineer to lead and scale NowPay s cybersecurity posture. This role is critical to securing sensitive employee financial data, ensuring the integrity of salary disbursement systems, and supporting regulatory compliance (e.g. local regulators, PCI-DSS, and GDPR). The successful candidate will be responsible for designing and enforcing best-in-class security practices across our platforms, cloud infrastructure, and internal processes.

Key Responsibilities:

Security Strategy & Architecture

• Define and continuously improve NowPay s information security strategy, policies, and controls across all layers (cloud, app, infrastructure).
  
• Lead threat modeling and risk assessment activities for new and existing systems.
  
• Ensure secure design of new fin-tech products including salary advance, BNPL, and bill payment services.
  

Vulnerability Management & Monitoring

• Conduct regular security assessments, vulnerability scans, and penetration testing.
  
• Monitor and respond to security incidents, collaborating with engineering and DevOps teams for resolution.
  
• Maintain and enhance audit logging, intrusion detection, and alerting systems.
  

Cloud & Application Security

• Implement secure configurations and hardening of AWS infrastructure (IAM, EC2, S3, RDS, etc.).
  
• Ensure secure code practices via CI/CD pipelines, code reviews, and dependency scanning (GitHub, Jira).
  
• Support the engineering team with encryption, tokenization, and data integrity mechanisms.
  

Compliance & Risk

• Support compliance with relevant regulatory frameworks (local regulators, PCI-DSS, ISO 27001).
  
• Manage security documentation, audits, and incident response playbooks.
  
• Collaborate with legal and compliance teams on security requirements for licensing or audits.
  

Employee Security Enablement

• Lead security awareness training for employees (e.g., phishing, password hygiene, secure device usage).
  
• Manage identity and access management (IAM), two-factor authentication, and role-based access controls.
  

Requirements

• 3+ years of experience in information security, preferably in fin-tech, banking, or SaaS environments.
  
• Hands-on experience with cloud/on-site security.
  
• Familiarity with regulatory and compliance standards: local regulators, GDPR, PCI-DSS, ISO 27001.
  
• Proficient in tools such as Metabase, GitHub, Jira, SIEMs, firewalls, and endpoint protection systems.
  
• Strong knowledge of OWASP Top 10, encryption protocols, and authentication systems.
  
• Bachelor s degree in Computer Science, Information Security, or related fields.