Head of Security Risk Management

Date: Jun 18, 2026
Location: Courbevoie, FR, 92400

Ingenico is the global leader in payments acceptance solutions. As the trusted technology partner for merchants, banks, acquirers, ISVs, payment aggregators and fintech customers, our world-class terminals, solutions and services enable the global ecosystem of payments acceptance. With 40 years of experience, innovation is integral to Ingenico’s approach and culture, inspiring our large and diverse community of experts who anticipate and help shape the evolution of commerce worldwide. At Ingenico, trust and sustainability are at the heart of everything we do.

The Head of Security Risk Management is the organisation's senior leader responsible for defining, governing, and continuously improving the enterprise security risk framework. While operational security services are delivered by a Managed Security Service Provider (MSSP/MSP), this role ensures that risks are identified, assessed, prioritised, and managed in alignment with business objectives, regulatory requirements, and the organisation's security strategy.

This is a strategic leadership role focused on risk governance, assurance, third-party oversight, compliance alignment, and business engagement, ensuring the CISO has a clear, auditable, data-driven view of the organisation's security posture.

Key Results Areas

1. Enterprise Security Risk Leadership

Own and evolve the organisation's Security Risk Management Framework, ensuring alignment with ISO 27001, NIST CSF, and relevant regulatory requirements. Lead the identification, assessment, mitigation advisory and prioritisation of security risks across all business units, technology domains, and critical assets. Maintain the enterprise security risk register, ensuring risks are accurately documented, scored, and tracked through remediation. Provide clear, actionable risk insights and recommendations to the CISO, executive leadership, and Board committees.

2. Governance, Policy, and Assurance

Own the security policy framework, ensuring policies are current, risk-based, and effectively implemented across the organisation. Lead security assurance activities, including internal control testing, risk assessments, maturity assessments, and audit readiness. Oversee policy adoption and control effectiveness across IT, technology, and physical security domains. Oversee security risk mitigation plans and ensure accountable stakeholders deliver agreed improvements on time. Drive continuous improvement of governance processes, assurance metrics, and risk reporting.

3. Security Management Plan (SMP) Accountability – MSP Compliance

Act as the senior point of accountability for Managed Service Provider (MSP) performance in relation to risk reduction and control effectiveness. Ensure MSP services align with the organisation's risk appetite, regulatory obligations, and security strategy. Review and challenge MSP outputs, including incident reports, threat intelligence, vulnerability findings, and control monitoring results. Ensure operational risks identified by the MSP are translated into enterprise risk language and integrated into the security risk register.

4. Third Party and Supply Chain Risk

Lead the Third Party Security Risk Management programme, including supplier tiering, due diligence, onboarding assessments, and ongoing monitoring. Work with Procurement, Legal, and business owners to ensure contracts include appropriate security controls and obligations. Oversee security risk assessments for critical suppliers, cloud providers, and technology partners.

5. Regulatory, Audit, and Compliance Alignment

Ensure security risk practices support compliance with applicable regulations and standards (e.g. GDPR, NIS2, DORA, PCI DSS, ISO 27001). Act as the primary security risk contact for internal and external audits, regulatory reviews, and assurance activities. Coordinate with relevant functions to provide evidence, documentation, and leadership during audits, certifications, and regulatory engagements.

6. Physical Security Risk & Assurance

Provide governance and assurance over physical security risks, including offices, data centres, and critical facilities. Ensure physical security controls, assessments, and incident lessons learned are captured and integrated into the enterprise security risk framework. Align physical security assurance activities with broader cyber and information security risk practices.

7. Customer Audit Support & Assurance Response

Act as the senior security risk focal point for customer audits, due diligence requests, and security assurance reviews. Coordinate consistent, high-quality responses that accurately represent the organisation's security posture. Manage customer audit outcomes and findings through to resolution, preserving trust and contractual commitments.

8. Business Engagement & Leadership

Build strong relationships with business and technology leaders to embed security risk considerations into decision-making. Provide expert guidance on risk treatment options, control selection, and security architecture decisions. Lead and develop a team of security risk, compliance, and assurance professionals, fostering a culture of accountability and continuous improvement. Deliver clear, concise security risk reporting to senior stakeholders, including the CISO, CIO, COO, and Board.

Candidate Requirements

Skills & Experience – Essential

Extensive experience in security risk management, governance, or assurance leadership roles.

Strong understanding of security frameworks (ISO 27001/27005, NIST CSF, NIST 800-53, CIS Controls).

Demonstrated ability to operate at senior leadership level and influence executive stakeholders.

Experience overseeing or working with managed security service providers.

Strong understanding of regulatory requirements relevant to the organisation's sector.

Proven ability to translate technical risks into business-aligned language.

Excellent communication, analytical, and decision-making skills.

Skills & Experience – Desirable

Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or CCSK/CCSP.

Experience in risk management within complex, multi-vendor environments.

Background in audit, compliance, or security architecture.

As part of our values, we embrace diversity and inclusion at Ingenico. We are an equal opportunity employer and do not discriminate on the basis of an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status or any other protected characteristic under applicable law, whether actual or perceived.

Ingenico welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

We want to adapt our processes and create a safe work environment that welcomes everyone.

To learn more about what it's like working inside Ingenico, follow us on LinkedIn.