
Cybersecurity Governance Risk and Compliance Manager

Date:  Jan 13, 2025
Location: Suresnes, FR, 92150

 

 

Ingenico is the global leader in payments acceptance solutions. As the trusted technology partner for merchants, banks, acquirers, ISVs, payment aggregators and fintech customers, our world-class terminals, solutions and services enable the global ecosystem of payments acceptance. With 40 years of experience, innovation is integral to Ingenico’s approach and culture, inspiring our large and diverse community of experts who anticipate and help shape the evolution of commerce worldwide. At Ingenico, trust and sustainability are at the heart of everything we do.

 

 

Job Summary

 

The GRC Manager will lead the Governance, Risk, and Compliance function, ensuring a cohesive and strategic approach to managing cybersecurity risks and regulatory requirements. He will define and manage the organization’s Crown Jewels Protection Framework, oversee the implementation of global compliance frameworks, maintain the enterprise risk register, and respond to both internal and external security demands, including PCI DSS, cyber insurance requirements, and other regulatory standards. He will act as a key advisor to senior leadership on compliance, risk, and governance matters.

 

Key Responsibilities

 

1. Governance:

  • Develop, implement, and continuously improve the company’s information security governance framework to ensure alignment with industry best practices, regulatory requirements, and organizational goals.
  • Define and oversee the Crown Jewels Protection Framework, identifying critical assets and implementing appropriate controls to safeguard them.
  • Establish and enforce security policies, standards, and guidelines across the organization, aligned with NIS2, DORA, PCI DSS, and other relevant regulatory frameworks.

2. Risk Management:

  • Maintain and continuously improve the organization’s risk register, documenting identified risks, mitigation strategies, and ongoing treatment plans.
  • Implement a risk management process that ensures alignment with the organization’s goals and regulatory requirements.

3. Compliance:

  • Ensure adherence to key regulatory frameworks and standards, including PCI DSS, ISO 27001, GDPR, NIS2, DORA and other relevant requirements for payment systems and terminals.
  • Respond to detailed customer security questionnaires and audits, showcasing the organization’s security posture effectively.
  • Lead efforts to harmonize multiple compliance frameworks (e.g., ISO, NIST, PCI DSS, DORA, NIS2) into an integrated approach.

4. Operational Efficiency:

  • Establish key metrics and dashboards to monitor compliance, risk, and governance performance.
  • Stay informed on emerging cybersecurity regulations, frameworks, and best practices to advise on potential impacts.

 

Qualifications

 

  • Bachelor’s degree in Information Security, Risk Management, Computer Science, or a related field.
  • At least 5-7 years of experience in information security, governance, and compliance, with significant experience in regulated environments such as payment systems, finance, or healthcare.
  • Experience managing governance frameworks and compliance programs with a strong focus on security regulations like PCI DSS, NIS2, and DORA.
  • Regulatory Expertise: In-depth knowledge of NIS2, DORA, PCI DSS, and other relevant regulations and standards, especially in the context of payment systems and financial services.
  • Governance & Risk Management: Strong experience in designing and managing information security governance frameworks and risk management programs.
  • Compliance Auditing: Proven ability to conduct or manage internal and external audits, ensuring compliance with security policies and regulatory requirements.
  • Policy Development: Experience in the development, implementation, and enforcement of security policies, standards, and procedures.
  • Stakeholder Management: Ability to work with a variety of stakeholders, including senior executives, auditors, regulatory bodies, and third-party vendors.
  • Risk Management Tools: Familiarity with tools and frameworks for risk assessment, management, and mitigation.
  • Security Technologies: Understanding of security technologies and controls, such as encryption, firewalls, identity management, and secure payment solutions.

Key Competencies

  • Leadership: Ability to lead and influence cross-functional teams, ensuring alignment with governance and compliance objectives.
  • Analytical Thinking: Strong analytical skills to assess risk, evaluate security controls, and ensure regulatory compliance.
  • Communication: Excellent verbal and written communication skills, with the ability to present complex security issues to both technical and non-technical stakeholders.
  • Problem Solving: Capacity to identify security gaps, propose solutions, and drive improvements across the organization.

 

 

 

 

 

As part of our values, we embrace diversity and inclusion at Ingenico. We are an equal opportunity employer and do not discriminate on the basis of an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status or any other protected characteristic under applicable law, whether actual or perceived. Ingenico welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process. We want to adapt our processes and create a safe work environment that welcomes everyone. To learn more about what it's like working inside Ingenico, follow us on LinkedIn.
