Information Security Lead, Europe

Your role is responsible for monitoring, reacting and reporting on information security events as well as supporting the management of security operations activities within the core business lines in the U.K., Europe, Australia and New Zealand. You will provide governance and support for regulatory and industry compliance requirements, facilitate audit activities and direct remediation efforts to ensure compliance and security best practices, and serve as a trusted security advisor.

Role and Responsibilities

• The business information security officer (BISO) serves as a trusted security advisor to lines of business and IT leadership.
• The BISO understands security risks and technologies and is able to effectively communicate them to business and IT units.
• The BISO works in tandem with the business across multiple services and platforms to address risk, while advising business leaders to ensure they are making decisions with security in mind.
• The BISO is an advanced role supporting the cybersecurity program, providing leadership, executive support, and strategic and tactical guidance for a world-class cybersecurity program supporting enterprise security initiatives.
• Serve as a trusted advisor to business unit and IT leadership.
• Act as a liaison to ensure cybersecurity practices are built into business unit initiatives for the entire lifecycle.
• Work closely with security leadership to instill cybersecurity policies and practices throughout business units to address security operations, incident response, application security and infrastructure.
• Be actively informed and engaged in security projects across the business.
• Provide disaster recovery and business continuity planning advice when working with leaders for business and cybersecurity resiliency.
• Enforce the strong security culture set forth by the CISO, ensuring uniformity across security leadership, business units and employees.
• Advise business units on enterprise-wide people, process and technology security recommendations.
• Maintain up-to-date knowledge related to security threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.
• Identify and document threats and vulnerabilities that may impact the business and address them regularly with business units.
• Provide motivation to business units to adopt cybersecurity controls.
• Build relationships with business units to deliver security-by-design controls incorporated into projects, architecture, infrastructure and applications.
• Stay abreast of new laws, regulations and standards, and assess their impact to the business.
• Support the effort to maintain security requirements for regulatory bodies such as PCI, SOX, GDPR, and ISO standards.
• Lead the effort to ensure appropriate monitoring is in place and react quickly to security incidents using multiple sources and tools (e.g. SIEMs, vulnerability scans Firewalls and IPS, etc.).
• Support and facilitate the development of an information security risk management program and knowledgeable in various risk assessment methodologies within the line of businesses.
• Perform other duties as assigned.

Qualifications and Education Requirements

• At least 10+ years of technical information security experience including but not limited to vulnerability assessment, intrusion detection, incident response, forensics, system audit, firewall management and support to compliance audits (e.g. PCI-DSS, SOX, ISO27001, etc.).
• At least 5 years’ experience working with business leadership and enterprise projects.
• Experience managing projects and deliverables in a complex matrix.
• Must understand and demonstrate following security technology and concepts: File Integrity Monitoring, Firewalls and IPS functionality, server hardening, security incident qualifiers, risk assessment ranking, application security concepts and protocols, network level security concepts, data encryption standards and implementation, cloud security and auditing.
• Minimum of 3 years of IT and/or Information Security compliance and audit support (e.g. PCI DSS, SOX, SSAE18, GDPR, etc.).
• High level of integrity, trustworthiness and confidence, and able to represent the company and security leadership with the highest level of professionalism.
• Bachelor’s degree in IT or Information Security, CISSP, CRISC, CISA, or other relevant certification.

Additional Notes

• Ideal candidates will be a self-starter, can manage multiple projects/initiatives at once, with experience in multiple information security management and monitoring tools as well as navigating a variety of industry and international regulatory frameworks.
• Work in fast-paced highly technical environment.
• Strong verbal and written communication skills with the ability to effectively communicate and articulate information security and compliance related topics and strategies to both peers and senior leadership.

Corpay is dedicated to encouraging a supportive and inclusive culture among our employees. It is within our best interest to promote diversity and eliminate discrimination in the workplace. We seek to ensure that all employees and job applicants are given equal opportunities.