
Head of Security (Fully Remote) at EXUS. EXUS. is an enterprise software company, founded in 1989 with the vision to simplify risk management software. EXUS launched it's Financial Suite (EFS) in 2003 with the aim to support financial entities worldwide to improve their results. Today, our EXUS Financial Suite (EFS) is trusted by risk professionals in more than. 50 countries. worldwide (. MENA, EU, SEA. ). Two of our clients in SEA are major banks in the Philippines. We introduce simplicity and intelligence in their business processes through technology, improving their collections performance. . . Our people constitute the source of inspiration that drives us forward and help us fulfill our purpose of . being role models for a better world. . . This is your chance to be part of a highly motivated, diverse, and multidisciplinary team, which embraces breakthrough thinking and technology to create software that serves people. We offer a creative, fun, and above all, inspiring working environment that fosters team spirit and promotes the greater good. We are positive and eager to learn and explore. We are committed to our vision. . Our shared Values: . We are transparent and direct . We are positive and fun, never cynical or sarcastic . We are eager to learn and explore . We put the greater good first . We are frugal and we do not waste resources . We are fanatically disciplined, we deliver on our promises . We are EXUS! . Are you? . EXUS. is looking for a . Head of Security. to join us . remotely. at a company that is revolutionizing the way credit risk is managed.. This role reports directly to the CTO and requires a strong focus on . DevSecOps. practices. More specifically:. Main duties: . . Lead Cloud Security Strategy for Managed Services. . Lead a security team supporting cloud services, including DevSecOps engineers and cloud security architects.. . Collaborate with cloud operations, DevOps, compliance, and client success teams to ensure secure delivery of managed services.. . Secure cloud and on-premises infrastructure, containerized workloads, and Kubernetes clusters. . Implement and monitor compliance with industry security benchmarks (e.g. CIS, NIST). . Automate auditing and evidence collection for compliance certifications such as PCI-DSS and ISO 27001. . Implement a shift-left security strategy by integrating security controls and scanning tools into CI/CD pipelines (e.g. SAST, DAST, container image scanning). . Design and implement threat detection, prevention, and response mechanisms (e.g. IDS, runtime security). . Collaborate closely with the IT team to secure and automate internal systems, endpoints, and services. . Establish and enforce Kubernetes security policies (e.g. RBAC, network policies, Pod Security Standards). . Provide security guidance to development teams and help enforce secure coding and deployment practices. . Requirements:. . BSc degree in Computer Science, Cybersecurity, or a related field (MSc degree is a plus). . 8+ years of experience in DevOps, Security Engineering, or DevSecOps. . Deep expertise in:. . . Cloud security (AWS, Azure, or GCP). . Infrastructure as Code (e.g. Terraform, Ansible) and related security tooling (e.g. trivy, Checkov). . CI/CD security practices and tools. . Identity and access management (IAM). . . Proficiency with scripting (e.g. Python, Bash) for automation tasks. . Strong experience with:. . . Compliance frameworks (PCI-DSS, ISO 27001). . Security monitoring, alerting, and SIEM tools. . . Preferred Skills: . . Certifications such as CISSP, GCPN, or CKS. . Experience with Zero Trust architecture and endpoint security. . Knowledge of container security platforms and tools (e.g. Aqua, Prisma Cloud, Sysdig, Falco). . Experience participating in or leading incident response efforts . . General skills: . . Excellent knowledge of English language (both verbal & written) . . Strong problem-solving skills and analytical thinking . . Team player, self-motivated, constantly seeking new knowledge . . Fulfilled military obligations. . Company Location: Philippines.