Security Officer (PCI DSS) - Moonpig.com

Recruiter: Moonpig
Location: London
Salary: Attractive Basic + Bonus + Benefits + Training
Posted: 10 Jun 2015
Closes: 13 Jun 2015
Contract Type: Permanent
Hours: Full Time

The Photobox Group operates under a family of brands including Moonpig.com, PhotoBox, Sticky9, Papershaker, Hofmann and Posterjack.

Moonpig.com is the world's largest online personalised greeting card retailer. Founded in 1999 it now has almost four million active customers and ships over 14 million cards per year. The product range not only includes cards but also flowers, plants and a growing range of personalised gifts. In July 2011 the business merged with PhotoBox, creating Europe's leading personalised publishing group with a focus on online retailing of greeting and gift cards and digital photo services, including printing, storage, sharing and publishing.

Together the company boasts more than 16 million members with approximately 7 million active customers in 15 countries. The estimated value of the combined group's core markets - the UK single card market and the European online photography market - is more than GBP2 billion and is growing at 17% per annum. The group had combined turnover last year in excess of GBP100m and is ideally positioned to meet the growing demand for innovative and convenient online personalised publishing solutions.

The Role

This is an exciting opportunity to join the growing IT function at Moonpig. We are looking for a versatile Security Officer with strong web-orientated skills, alongside a proven track record of managing an e-commerce focused security programme at a senior, consultative level.

The role requires the ability to collaborate with development and operational areas of IT to ensure secure coding and operational practices are maintained and constantly improved upon. This is with a view towards Moonpig's ongoing commitment to adhere to PCI DSS standards and other associated security requirements and industry best practices.

Working within the Moonpig Operations team and alongside the talented development and QA test teams, the Security Officer will be tasked with producing, maintaining and helping to implement security policies affecting both corporate and consumer components of Moonpig's IT landscape. Previous, active engagement with PCI DSS QSAs and external ASV and Penetration Testing vendors is an expectation.

You will have a strong understanding of web-based technology, network and systems administration - with the ability to draw from this knowledge when identifying issues and formulating plans, policies and remediation work that may be required to ensure the security of application platforms at Moonpig.

Keeping up with industry InfoSec developments and technologies, and demonstrating the positive business impact of secure working practices, are critical parts of the role.

Required Skills

  • Awareness of web-based coding technologies and their associated security best practices;
  • Experience creating secure infrastructure 'base build' standards and policies;
  • Ability to influence and govern best practice adoption of information security standards;
  • Working knowledge of Microsoft and Open Source (Linux, BSD) Server Operating systems;
  • Working knowledge of at least one Hypervisor platform (e.g. VMware, Xen, Hyper-V);
  • Understanding and ability to analyse the configuration of networking infrastructure including switches, IDS/IPS, Firewalls and Network Load Balancers;
  • Proven experience of recommending and facilitating the implementation of DDoS mitigation technologies;
  • Strong troubleshooting and problem-solving abilities, especially when under pressure;
  • Excellent communication skills - both technical and business languages;
  • Strong team working ethic but also the ability to work alone on critical projects/assignments;
  • An understanding of the security implications and pitfalls of using REST APIs and SOAP;
  • Experience of Release Management and Release Management Practices;
  • Demonstrable, active involvement within the online security community.

Desirable Skills/Experience

  • Worked as a QSA in a fast paced PCI level 1 accredited environment;
  • Working knowledge of the Data Protection Act relating to Personally Identifiable Information (PII);
  • CISSP, CISA, Cisco CyberSecurity, CISM or similar industry-recognised security qualification;
  • Experience working with and influencing development teams;
  • Experience with JIRA or other incident/ticket tracking system;
  • Knowledge of Cloud hosting platforms (e.g., Microsoft Azure, Amazon AWS) and associated security best practices;
  • Involvement/stakeholder in ISO27001, PAS 555, ITIL or similar remediation and audit programme of work;
  • Incident Management experience.