Специалист по информационной безопасности (Fintech, English) / Informational Security Officer

Collect Group Holdings is a progressive group of fintech companies founded in 2017. Our mission is to revolutionize the way businesses manage customer relationships. We strive for innovation and excellence, specializing in the development of cutting-edge fintech and blockchain platforms.

Our companies:

Collect & Pay

Collect & Exchange

Capital Pay

Vacancy: Information Security Specialist
Location: Republic of Kazakhstan, Astana
Work format: Office

The Information Security Officer (ISO) is responsible for establishing and maintaining the company’s information security program, ensuring that information assets and associated technologies, applications, systems, infrastructure, and processes are protected in accordance with regulatory, legal, and business requirements of the Republic of Kazakhstan and international standards. This role will play a crucial part in compliance with AIFC regulations, enhancing organizational cybersecurity readiness and resilience.

Key Responsibilities

• Ensure compliance with Kazakhstani laws, including: Law on Informatization, Law on Personal Data and Their Protection, Law on Payments and Payment Systems, Rules for Organizing the Activities of Payment Organizations (NBK Resolution).
  

• Lead internal information security awareness training and phishing simulation campaigns.
  

• Coordinate and execute response protocols for malware infections, unauthorized access attempts, and suspicious financial transactions.
  

• Manage vulnerability identification and remediation; establish preventive security controls.
  

• Maintain comprehensive logs and records of security incidents and events; generate internal and regulatory reports as required.
  

• Assist in external and internal audits, ensuring continued compliance with standards such as ISO/IEC 27001 and PCI DSS.
  

• Support IT infrastructure teams to ensure secure and resilient technology operations aligned with legal and business expectations.
  

• Perform security risk assessments and contribute to ongoing risk management planning.

Qualifications

• Bachelor's degree in Information Security, Computer Science, Cybersecurity, or related field.
  

• Minimum 3–5 years of experience in an information security role, preferably within fintech, banking, or payment institutions.
  

• Strong knowledge of Kazakhstani information security laws and regulations.
  

• Experience working with or within regulatory bodies (e.g., AIFC) is an asset.
  

• Industry certifications preferred (e.g., CISSP, CISM, ISO 27001 Lead Implementer, CEH).
  

• Knowledge of international standards (ISO/IEC 27001, PCI DSS) and risk frameworks (e.g., NIST, COBIT).
  

• Fluency in Kazakh and/or Russian; English proficiency desirable for regulatory communication.

What do we offer?

• You will have the status of an employee at a tech company with great growth potential, a very long runway, and large, growing markets

• Competitive salary and stable working conditions

• Career and professional development opportunities

• Paid lunches

• Engaging tasks that will help you grow

• A friendly team with no unnecessary formalities and hierarchy

• Opportunity for additional company-sponsored training