YOUR JOB
The Information Security Risk and Compliance Manager directs, coordinates, plans, organizes and reports on all Information security risk and compliance activities throughout Ingenico ePayments in line with the Ingenico ePayments security policies, PCI-DSS and/or ISO27001/2 frameworks.
The Information Security Risk and Compliance Manager works with a wide variety of people from different internal organizational units, bringing them together to manage current and future physical, logical and information security risks.
The Information Security Risk and Compliance Manager is responsible for taking steps to maintain and, where possible, enhance the Information Security risk management processes within the Enterprise Risk Management organization & framework. He/She will also support security compliance (PCI DSS, ISO 27001, etc.) to ensure the protection of Ingenico ePayments information and Ingenico ePayments customer information.
After an internal training period about our products and services, you will be an Information Security Risk & Compliance Manager allowing you to:
· Connect with the business and articulate the security risks and security risk treatment activities (organizational, procedural and/or technology) in business language to the business stakeholders
· Manage the security compliance and where possible support the business in compliance enhancement activities
· Manage and maintain the Information security risk assessment program (incl. Business Impact Analyses, Information Security Risk Processes and Compliance) in line with the Ingenico Enterprise Risk Management framework
· Conduct interviews and deliver information security risk assessments of the current infrastructure, projects, new technologies, external service providers and Information Security related changes
· Guide staff and managers on the appropriate security risk mitigation strategies
· Manage and maintain the internal and external (third parties) security compliance framework based on Legislation, Company Policies, PCI-DSS and ISO 27001/2, with a strong emphasis on the PCI DSS Rolling Assessment program
· Manage the communication and reporting on security risk metrics supporting the overall Information Security (dashboard) reporting
· Support quality assurance reviews of security requirements in Security Development Lifecycle Management and Project Management
· Assist with the development of the enterprise security architecture, including the creation of policies and processes at the business, information, infrastructure, and application level
· Prioritize, monitor, and assess compliance and audit recommendation results to ensure they are comprehensive, robust and of high quality
· Continuously assess the shortfall between the security measures actually in place and effective and those established at policy level, highlighting deficiencies for remedial action
· Work with IT and other business departments to support remediation of findings and development of corrective actions supported by information security operations
· Support the implementation and management of a GRC tool
· Define and maintain a process to assess and monitor critical third-party suppliers' information security
· Support the Data Privacy Officer in defining and implementing a compliance program for data privacy regulation
· Support Legal in reviewing data privacy & security clauses in customer and partner contractual agreements
· Support the business in responding to customer RFPs regarding data privacy and information security management topics
· Perform Privacy Impact Assessments (projects, external suppliers, etc.)
· Provide guidance to internal partners on data breach incident management & data privacy by design
· Maintain security awareness program and provide internal training on information security & data privacy
Challenges offered by our business environment:
· Ensuring the compliance of our infrastructure with the highest level of security imposed by our sensitive business activities and industry standards (Payment Card Industry Data Security Standard, ISO 27001)
· Keeping our platform constantly secure and protecting our E-Commerce merchants and their customers against any attempts of fraud
YOUR QUALITIES
Background:
· Bachelor's degree with at least 5 years of relevant experience in the information security risk management area
· Experience in the financial industry
· Experience with the PCI-DSS, ISAE 3402 and ISO27001 security standards is an asset
· Experience in developing or working with risk methodologies (like CRAMM/ISO31000/ISO27005)
· CISSP certification strongly recommended
· Other security certifications (ISA, QSA, CISA, ISO27001 Lead Auditor, etc.) are considered a bonus
· Strong understanding of IT environments
· Previous success and proven ability to remediate information security issues within the context of their potential impact on business requirements and processes
Languages:
· Fluent in English
· Good level of French or Dutch is an asset
Soft skills:
· High level of responsibility
· Proactive
· Flexible attitude and willingness to work under pressure
· Result driven
· Well-developed analytical skills and being accurate
· Team player
· Customer focus
· Attention to detail
· Ability to interface and build collaborative relationships with a mixture of business and technical customers
· Excellent communication skills
Hard skills:
· Knowledge of GRC tools