Infosec Manager

About the Company:

Ouro is a global, vertically-integrated financial services and technology company dedicated to the delivery of innovative financial empowerment solutions to consumers worldwide. Ouro’s financial products and services span prepaid, debit, cross-border payments, and loyalty solutions for consumers and enterprise partners.

Ouro's flagship product Netspend provides prepaid and debit account solutions that connect customers with secure, convenient access to global payment networks so they can manage their money and make everyday purchases. With a nationwide U.S. retail network, customers can purchase and reload Netspend products at 130,000 reload points and over 100,000 distributing locations.

Since Ouro's founding in 1999 by industry pioneers Roy and Bertrand Sosa, Ouro products have processed billions of dollars in transaction volume and served millions of customers worldwide. The company is headquartered in Austin, Texas with regional offices around the world. Learn more at www.ouro.com.

About the Role

The Information Security Manager is responsible for leading the development, implementation, and oversight of the organization’s information security strategy, with a strong focus on application security. This role ensures the protection of critical business systems, data, and infrastructure through proactive risk management, secure software development practices, and cross-functional collaboration. The ideal candidate brings 10+ years of progressive experience in cybersecurity and application security, with strong leadership and hands-on technical capabilities.

Key Responsibilities:

1. Security Strategy, Governance & Compliance

• Develop, implement, and maintain enterprise-wide security policies and procedures, covering access control, incident response, data privacy, and user awareness.
  

• Conduct regular risk assessments and security audits to identify vulnerabilities and compliance gaps.
  

• Ensure compliance with industry standards and regulations such as PCI DSS, GDPR, HIPAA, ISO 27001, NIST, etc.
  

• Manage third-party/vendor security risk assessments and enforce relevant security controls.
  

• Lead internal and external security audits, and oversee remediation efforts.
  

2. Application Security (AppSec)

• Define and execute a robust Application Security strategy, ensuring security is embedded throughout the SDLC.
  

• Collaborate with development teams to integrate static (SAST), dynamic (DAST), and software composition analysis (SCA) tools into CI/CD pipelines (e.g., GitLab, Jenkins).
  

• Conduct code reviews, threat modeling, and secure architecture reviews for critical applications.
  

• Provide actionable remediation guidance for vulnerabilities such as SQL Injection, XSS, CSRF, RCE, etc.
  

• Promote and enforce secure coding practices, leveraging frameworks such as OWASP ASVS and Top 10.
  

• Stay updated on emerging application threats and security trends, incorporating them into internal processes and controls.
  

3. Security Operations & Incident Management

• Oversee day-to-day security operations including monitoring, detection, investigation, and incident response.
  

• Lead response efforts for security incidents—containment, analysis, resolution, and root cause documentation.
  

• Manage and maintain key security tools including SIEM, EDR, IDS/IPS, firewalls, and cloud-native security tools.
  

• Coordinate vulnerability management activities using tools like Qualys, Tenable, OpenVAS, and ensure timely remediation.
  

4. DevSecOps Integration

• Drive security automation by integrating tools into CI/CD pipelines, ensuring early detection of vulnerabilities.
  

• Promote a DevSecOps culture by working closely with engineering and DevOps teams to embed security across development and deployment lifecycles.
  

• Evaluate and implement security tooling for containerized and cloud-native applications (e.g., Docker, Kubernetes, AWS, Azure).
  

5. Leadership, Training & Stakeholder Engagement

• Lead and mentor a team of security analysts and engineers, providing strategic and tactical guidance.
  

• Define security KPIs, report on program effectiveness, and present risks to executive leadership.
  

• Conduct internal training, awareness programs, and regular knowledge sharing to foster a security-first mindset.
  

• Manage the security budget and ensure resource allocation aligns with organizational risk priorities.
  

• Engage with external stakeholders such as auditors, regulators, vendors, and law enforcement when required.
  

Key Skills & Qualifications:

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
  

• 10+ years of experience in cybersecurity, including 5+ years in application security and security architecture roles.
  

• Strong experience in secure software development, DevSecOps, and vulnerability management.
  

• Deep understanding of web application and API security, threat modeling, and risk assessment.
  

• Hands-on expertise with security tools (e.g., SAST, DAST, SCA, SIEM, IDS/IPS, EDR).
  

• Proficient in scripting (e.g., Python, Bash) for automation and tool integration.
  

• Familiar with cloud and container security best practices for AWS, Azure, Docker, Kubernetes.
  

• Excellent interpersonal and communication skills, with the ability to influence both technical and non-technical stakeholders.
  

• Preferred certifications: CISSP, CISM, OSCP, CEH, GWAPT, or similar.