BASYS Processing

Grow with a team that leads with service and builds with purpose

At Basys, we believe success is built on relationships, not transactions. We collaborate, solve challenges head on, and raise the bar for ourselves and each other every day. If you're energized by meaningful work and motivated to make a real impact, you'll feel right at home here. We personalize payments and elevate service so our clients can grow with confidence. And we're building a company where innovation, care, and accountability shape how we work together.

Summary

The Information Security Manager is responsible for leading and executing the organization's information security program, balancing governance, compliance, and hands-on technical security responsibilities. This role provides leadership to a team of security associates while partnering closely with IT, Engineering, and business stakeholders to identify, manage, and reduce security risk. The Information Security Manager ensures compliance with regulatory and customer security requirements, supports secure operations across systems and platforms, and contributes to a strong culture of security awareness and accountability across the organization.

Employees in this role are expected to perform their duties in accordance with The Way We Work, helping to create a company where innovation and care drive meaningful connections.

Duties & Responsibilities

Essential Functions

- Develop, implement, and maintain the company's information security program, including security policies, standards, and control objectives.
- Provide leadership and day-to-day management for an assigned team of security associates, including work direction, coaching, performance feedback, and support of professional development.
- Conduct and lead information security risk assessments across applications, infrastructure, and third parties; maintain a risk management framework to identify, assess, document, prioritize, and track remediation of security risks.
- Oversee and perform, as needed, threat detection, vulnerability management, and incident response activities, including investigation, coordination, root cause analysis, remediation tracking, and post-incident reviews.
- Own and manage the PCI DSS compliance lifecycle, including control implementation and validation, assessment coordination, evidence collection, and remediation of findings.
- Lead SOC 2 readiness, audits, and ongoing compliance by maintaining control documentation and mappings, coordinating evidence collection with cross-functional teams, and serving as the primary liaison to external auditors and assessors.
- Assess, monitor, and report third-party and vendor security risk, including due diligence reviews, security requirement input, and ongoing risk monitoring as applicable.
- Provide hands-on security support for cloud and networked environments, e.g. Azure and application networking, including reviewing configurations, recommending or implementing security controls, and partnering with IT and Engineering to remediate identified issues.
- Partner with Engineering to implement and validate application security requirements (e.g. OWASP-aligned controls), support secure development practices, identify security gaps, and track remediation to closure.

Additional Responsibilities

- Manage security awareness and training to support required policies, acceptable use practices, and security responsibilities across the organization.
- Support initiatives that enhance the security of associates, partners, systems, and integrations through collaboration, adherence to security practices, and continuous improvement.
- Work collaboratively with internal departments to support secure operations and a high standard of service for internal and external stakeholders.
- Contribute to the onboarding and training of new associates by sharing security practices, standards, and role-appropriate guidance.
- Promote and reinforce appropriate workplace behavior in accordance with company policies, procedures, and management guidance.
- Resolve routine and moderately complex issues within scope of responsibility and communicate resolutions or required information to impacted parties.
- To remain innovative and efficient, the use of AI is typical and expected within this role and at Basys.
- Perform other related duties as assigned, consistent with the nature and level of the role.

Requirements

This role is eligible for a hybrid schedule. Up to 2 days per week may be worked remotely in accordance with the telecommuting policy.

A commitment to:

- Strong communication, both written and verbal, with ability to translate security to business stakeholders
- Strong problem-solving skills and use of judgement
- Accountability and ownership for assigned tasks and follow-through
- Quality, accuracy, and attention to detail
- Continuous improvement and learning

Education & Experience

- Bachelor's degree in Computer Science, Information Technology, Business Administration, or other related fields is preferred
- 5-8 years in information security, cybersecurity, or GRC
- 2-4 years management experience
- Experience with PCI DSS
- Experience with SOC 2 audits/readiness
- Familiarity with frameworks like NIST CSF and ISO 27001
- Experience with security tools/vendors (SIEM, endpoint, vulnerability management)

BASYS provides direct credit and debit card processing solutions for businesses across the country. We treat our team, clients, and vendors like people, not numbers. BASYS is proud to maintain a 90% customer retention rate of clients that continue to process in an industry where retention rates often average closer to 70 to 75%. We feel that this is a perfect example of how our customer-oriented business model sets us apart.

BASYS is an equal opportunity employer.