
Business information security officer

Date:  Jan 13, 2025
Company: 
Location: Suresnes, FR, 92150

 

 

Ingenico is the global leader in payments acceptance solutions. As the trusted technology partner for merchants, banks, acquirers, ISVs, payment aggregators and fintech customers, our world-class terminals, solutions and services enable the global ecosystem of payments acceptance. With 40 years of experience, innovation is integral to Ingenico’s approach and culture, inspiring our large and diverse community of experts who anticipate and help shape the evolution of commerce worldwide. At Ingenico, trust and sustainability are at the heart of everything we do.

 

 

 

Job Summary

 

The Business Information Security Officer (BISO) will act as the bridge between the cybersecurity organization and business units, ensuring cybersecurity priorities are integrated into business objectives and development processes. He will play a pivotal role in embedding security into business workflows, systems, and development lifecycles, ensuring end-to-end protection of critical assets—including the crown jewels. His role involves aligning cybersecurity with business strategies, managing risks, implementing robust controls, and driving reporting activities to track security posture.

 

Key Responsibilities

 

  1. Cybersecurity Business Alignment
    • Partner with business unit leaders to understand their goals, processes, and challenges, aligning cybersecurity strategies with business priorities and ensuring security is part of the planning and implementation stages.
  2. Security in Development Lifecycles (SDLC)
    • Collaborate with development, DevOps, and product teams to integrate security across the software development lifecycle (SDLC), from planning to deployment, taking into account best coding practices.
  3. Risk Management and Governance
    • Identify, assess, and manage cybersecurity risks specific to business units, ensuring risks are logged in the enterprise risk register and mitigated proactively.
    • Ensure alignment with frameworks like NIST CSF, ISO 27001, PCI DSS, and regulatory requirements.
  4. Control Implementation and Monitoring
    • Implement and monitor technical and procedural security controls to ensure compliance with policies and standards across systems, applications, and business processes.
    • Oversee access control reviews, ensuring that permissions align with least privilege and zero trust principles, particularly for crown jewels.
  5. Incident Management and Resilience
    • Collaborate with the incident response team to ensure business units and systems are prepared to respond to cyber incidents.
    • Lead post-incident analysis and ensure findings are integrated into improved security controls and risk mitigation strategies.
    • Drive business unit participation in cyber crisis simulations and tabletop exercises to test incident readiness and resilience under various attack scenarios.
  6. Security Metrics, Reporting, and Governance
    • Develop and implement a comprehensive security reporting framework to track performance, risks, and control effectiveness across the business units.
  7. Project and Change Management
    • Conduct security reviews for new software, tools, and third-party vendors, ensuring compliance with internal security standards and control requirements.
  8. Regulatory Compliance & Security
    • Ensure all payment terminal projects are designed, developed, and deployed in full compliance with PCI-DSS, NISv2, DORA, and ISO 27001 standards, addressing both technical and operational security requirements.
    • Oversee the integration of cybersecurity controls related to ISO 27001 in Ingenico businesses and operational processes, ensuring the security management system is aligned with international best practices.

 

Key Requirements

 

  • Education:
    • Bachelor’s degree in Cybersecurity, Information Technology, Engineering, or related field.
    • Certifications in project management (e.g., PMP, PRINCE2) and ISO 27001 Lead Implementer/Lead Auditor are strongly preferred.
  • Experience:
    • Minimum of 5 years of experience in managing projects within the cybersecurity or payment technology sectors, including at least 3 years working in regulated environments.
    • Proven expertise in managing complex, cross-functional projects while ensuring compliance with PCI-DSS, NISv2, DORA, and ISO 27001.
    • Experience in the development, deployment, or integration of secure payment terminals (hardware and software).
    • Familiarity with managing ISO 27001 certification processes and applying the principles of Information Security Management Systems (ISMS).
  • Skills:
    • Advanced knowledge of project management principles and methodologies, including Agile, Waterfall, and Hybrid approaches.
    • Strong understanding of cybersecurity controls, secure SDLC, DevSecOps practices, and continuous monitoring.
    • Experience in implementing and measuring security controls across business-critical systems and applications, including crown jewels.
    • In-depth knowledge of security frameworks such as NIST CSF, ISO 27001, PCI DSS, DORA and OWASP.
    • Expertise in managing security and risk assessments, vulnerability management, and the implementation of security controls.
    • Strong leadership, communication, and interpersonal skills, with the ability to engage both technical and non-technical stakeholders.
    • Analytical mindset with the ability to solve complex problems and deliver secure solutions under tight deadlines.

 

Desirable Skills

 

  • Hands-on experience with security risk management frameworks and vulnerability management tools.
  • Familiarity with digital resilience, business continuity, and disaster recovery processes in alignment with DORA and ISO 22301.
  • Experience in vendor management and third-party compliance assessments.

 

 

 

As part of our values, we embrace diversity and inclusion at Ingenico. We are an equal opportunity employer and do not discriminate on the basis of an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status or any other protected characteristic under applicable law, whether actual or perceived. Ingenico welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process. We want to adapt our processes and create a safe work environment that welcomes everyone. To learn more about what it's like working inside Ingenico, follow us on LinkedIn.
