Business information security officer
Ingenico Group
Ingenico is the global leader in payments acceptance solutions. As the trusted technology partner for merchants, banks, acquirers, ISVs, payment aggregators and fintech customers our world-class terminals, solutions and services enable the global ecosystem of payments acceptance. With 40 years of experience, innovation is integral to Ingenico’s approach and culture, inspiring our large and diverse community of experts who anticipate and help shape the evolution of commerce worldwide. At Ingenico, trust and sustainability are at the heart of everything we do.
Job Summary
The Business Information Security Officer (BISO) acts as the bridge between the cybersecurity organization and the business units, ensuring that cybersecurity priorities are integrated into business objectives and development processes. The BISO plays a pivotal role in embedding security into business workflows, systems, and development lifecycles, ensuring end-to-end protection of critical assets, including the crown jewels. The role involves aligning cybersecurity with business strategy, managing risks, implementing robust controls, and driving reporting activities that track the security posture.
Key Responsibilities
- Cybersecurity Business Alignment
  - Partner with business unit leaders to understand their goals, processes, and challenges, aligning cybersecurity strategies with business priorities.
  - Develop and implement security roadmaps that embed security into key business processes while safeguarding crown jewels (critical systems and sensitive data).
  - Act as the security advocate for business initiatives, ensuring security is part of the planning and implementation stages.
- Security in Development Lifecycles (SDLC)
  - Collaborate with development, DevOps, and product teams to integrate security across the software development lifecycle (SDLC), from planning to deployment.
  - Define and promote Secure by Design principles, ensuring security requirements are implemented in system architecture and application development.
  - Oversee secure coding practices, vulnerability management, and security testing (e.g., SAST, DAST, and penetration testing) to identify and address risks early.
  - Ensure deployment processes and CI/CD pipelines incorporate security controls, such as automated scans, code reviews, and secure containerization practices.
- Risk Management and Governance
  - Identify, assess, and manage cybersecurity risks specific to business units, ensuring risks are logged in the enterprise risk register and mitigated proactively.
  - Implement and oversee controls to manage and reduce risks to acceptable levels, ensuring alignment with frameworks such as NIST CSF, ISO 27001, PCI DSS, and regulatory requirements.
  - Provide regular reporting on control effectiveness and risk posture to business and cybersecurity leadership.
- Control Implementation and Monitoring
  - Implement and monitor technical and procedural security controls to ensure compliance with policies and standards across systems, applications, and business processes.
  - Work with technical teams to conduct continuous monitoring, vulnerability scanning, and configuration compliance checks.
  - Oversee access control reviews, ensuring that permissions align with least privilege and zero trust principles, particularly for crown jewels.
  - Establish processes to measure and verify control effectiveness, driving remediation efforts when deviations or weaknesses are identified.
- Incident Management and Resilience
  - Collaborate with the incident response team to ensure business units and systems are prepared to respond to cyber incidents.
  - Support the development of incident response playbooks tailored to business-critical systems and development pipelines.
  - Lead post-incident analysis and ensure findings are integrated into improved security controls and risk mitigation strategies.
- Cyber Resilience and Crisis Preparedness
  - Drive business unit participation in cyber crisis simulations and tabletop exercises to test incident readiness and resilience under various attack scenarios.
  - Collaborate with business continuity and disaster recovery teams to validate recovery capabilities for crown jewels and critical operations.
  - Ensure business leaders understand their roles and responsibilities during cyber crises.
- Security Metrics, Reporting, and Governance
  - Develop and implement a comprehensive security reporting framework to track performance, risks, and control effectiveness across the business units.
  - Produce regular reports and dashboards on key security metrics, including vulnerabilities, risk exposure, incident response readiness, and control compliance.
  - Provide insights and recommendations to business leaders based on data-driven analysis to continuously enhance the security posture.
  - Ensure risks and compliance deviations are logged, tracked, and reported in alignment with enterprise governance processes.
- Security Awareness and Culture
  - Provide tailored security training for development, DevOps, and business teams on secure coding standards, threat modeling, and vulnerability management.
  - Foster a collaborative culture that promotes proactive identification and remediation of security risks within development and business processes.
  - Act as a trusted cybersecurity advisor, ensuring awareness of secure design principles and of the tools available to enforce security controls.
- Project and Change Management
  - Ensure cybersecurity requirements are integrated into development projects from inception, so that security is part of project milestones and delivery gates.
  - Conduct security reviews for new software, tools, and third-party vendors, ensuring compliance with internal security standards and control requirements.
  - Collaborate with change management teams to assess and mitigate risks associated with business process changes, deployments, and system upgrades.
- Regulatory Compliance and Security
  - Ensure all payment terminal projects are designed, developed, and deployed in full compliance with PCI-DSS, NISv2, DORA, and ISO 27001 standards, addressing both technical and operational security requirements.
  - Collaborate with internal teams to develop and implement security and risk management controls, including the management of sensitive payment data in accordance with PCI-DSS.
  - Lead security audits and assessments (internal and external), ensuring findings are addressed and compliance is maintained throughout the project lifecycle.
  - Oversee the integration of ISO 27001 cybersecurity controls into Ingenico businesses and operational processes, ensuring the security management system is aligned with international best practices.
Key Requirements:
- Education
  - Bachelor's degree in Cybersecurity, Information Technology, Engineering, or a related field.
  - Certifications in project management (e.g., PMP, PRINCE2) and ISO 27001 Lead Implementer/Lead Auditor are strongly preferred.
- Experience
  - Minimum of 5 years of experience managing projects within the cybersecurity or payment technology sectors, including at least 3 years working in regulated environments.
  - Proven expertise in managing complex, cross-functional projects while ensuring compliance with PCI-DSS, NISv2, DORA, and ISO 27001.
  - Experience in the development, deployment, or integration of secure payment terminals (hardware and software).
  - Familiarity with managing ISO 27001 certification processes and applying the principles of Information Security Management Systems (ISMS).
- Skills
  - Advanced knowledge of project management principles and methodologies, including Agile, Waterfall, and Hybrid approaches.
  - Strong understanding of cybersecurity controls, secure SDLC, DevSecOps practices, and continuous monitoring.
  - Experience in implementing and measuring security controls across business-critical systems and applications, including crown jewels.
  - In-depth knowledge of security frameworks such as NIST CSF, ISO 27001, PCI DSS, DORA, and OWASP.
  - Expertise in managing security and risk assessments, vulnerability management, and the implementation of security controls.
  - Strong leadership, communication, and interpersonal skills, with the ability to engage both technical and non-technical stakeholders.
  - Analytical mindset with the ability to solve complex problems and deliver secure solutions under tight deadlines.
Desirable Skills
- Hands-on experience with security risk management frameworks and vulnerability management tools.
- Familiarity with digital resilience, business continuity, and disaster recovery processes in alignment with DORA and ISO 22301.
- Experience in vendor management and third-party compliance assessments.
As part of our values, we embrace diversity and inclusion at Ingenico. We are an equal opportunity employer and do not discriminate on the basis of an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status or any other protected characteristic under applicable law, whether actual or perceived. Ingenico welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process. We want to adapt our processes and create a safe work environment that welcomes everyone. To learn more about what it's like working inside Ingenico, follow us on LinkedIn.