Information security support specialist in EasyPay

We are looking for an Information security support specialist to join a team where processes are already built and work systematically.

This role will suit a specialist who is comfortable working with the regulatory framework, regulatory requirements, internal control and staff training. The main focus of the role is the maintenance of internal IS documents, control of compliance of processes with NBU requirements, preparation of reports and participation in raising employee awareness.

Why should you work at EasyPay:

• Market leader: EasyPay is one of the largest non-bank payment systems in Ukraine, more than 24,000 payment terminals, a mobile application and a contactless payment system in transport.

• 19 years of experience: a stable company with strong expertise and a reliable reputation.

• Socially important payment system: in 2025 EasyPay received the official status of a socially significant payment system of Ukraine.

What will need to be done:

• Develop and update internal regulatory documents with information security in accordance with the requirements of the NBU, in particular Resolutions No. 43, No. 123, No. 185, No. 187;

• Adapt regulatory requirements to the internal processes of the company;

• Control compliance with information security rules and procedures in business units;

• Conduct internal audits, analyze logs, orders and regulations for relevance and implementation;

• Prepare official reports and responses to requests from regulators on information security and cyber resilience;

• Accompany external audits and interact with technical teams and auditing parties;

• Prepare training materials, presentations, tests and other training formats for employees;

• Conduct training of colleagues on social engineering, phishing and basic information security rules.

Our expectations:

• Understanding NBU requirements for the non-banking financial sector in terms of information security and cyber resilience;

• Knowledge of key information security domains: ISMS, ISO 27001, infrastructure protection, access management, cryptography, monitoring and incident response, cyber resilience, social engineering;

• Ability to work with regulatory documentation and interpret regulatory requirements;

• Analytical skills, ability to consolidate information from various sources to prepare metrics and regulatory reporting;

• Legal literacy and ability to transform complex legal texts into understandable internal regulations;

• Higher education in the field of information security, cyber security or jurisprudence with knowledge in the field of IT.

Will be a plus:

• Experience in the financial sector or fintech;

• Experience of interaction with regulatory inspections and audits;

• Development experience or supporting internal regulatory documentation on IS;

• Experience in preparing training materials for employees.

What we offer:

• Opportunity to work in an office or in a hybrid format;

• Timely payment of wages;

• 24 calendar days of paid vacation and paid sick days;

• Comfortable office in Podil, near the town of Taras Shevchenko;

• English speaking club, opportunity to play football, seminars from psychological support, gifts for the holidays;

• Working in a company with already established information security processes;

• A clear area of responsibility and a structured approach to tasks;

• Team support and mentoring in adapting to the specifics of regulatory requirements;

• Guaranteed annual professional development directly;

• Balanced workload and predictable work rhythm.

We will be glad to receive your resume and get to know each other better!