VP, Information Security
Paya provides simple, secure technology options enabling businesses to accept payments, get paid faster and increase efficiency. Paya’s seamless, easy-to-use payments platform supports every stage of a business’s growth today, tomorrow and beyond. With more than 100,000 clients and two decades of delivering smart, easily integrated business solutions, Paya has a proud and proven track record. We are all about growth and success for our partners and their customers.
The VP, Information Security is responsible for establishing and maintaining an enterprise-wide information security program to ensure Paya is compliant with PCI and HIPAA. Additionally, Paya will take best-in-class action to ensure that Paya is protected from bad actors inside and outside of the business.
The VP, Information Security will lead the efforts of evaluating and reporting information security risks; develop proactive programs to prevent, detect and protect the company’s assets; work proactively with the business and technology teams to implement practices that meet defined policies and standards for information security; and oversee all IT risk management activities. This role serves as the process owner of all ongoing activities related to the availability, integrity, and confidentiality of customer, business partner, employee and business information, in compliance with the organization's information security policies.
A key element of this role is to work with executive management to determine acceptable levels of risk for the organization.
The VP, Information Security position requires a visionary leader with strong skills in technology and business management. This role requires an integrator of people and processes, a thought leader, a problem solver and an effective consultant with solid domain competency in the field of information security. This role must be highly knowledgeable about the business environment and must ensure that all information systems are maintained in a fully functional, secure mode.
- Manage and direct PCI and HIPAA compliance initiatives across all Paya business units
- Set compliance rules and regulations
- Review systems and designs for security gaps
- Recommend solutions and long-term security measures Paya should be working on
- Set strategic direction for securing Paya’s infrastructure
- Prepare and maintain an intrusion detection and intrusion response process
- Develop, implement and monitor a strategic, comprehensive enterprise-wide Information Technology security and risk management program to ensure the integrity, confidentiality, and availability of information owned, controlled or processed by the organization
- Develop, maintain and execute a proactive Information Security Strategy that evolves with the business
- Provide expert leadership in the development, implementation, and maintenance of an information security program and associated infrastructure, which entails monitoring information security trends internal and external to the organization and keeping senior management informed about information security-related issues that could affect the organization
- Manage the enterprise's IT Security organization, consisting of direct reports and indirect reports (such as individuals in other areas of IT) including providing security guidance, hiring, training, staff development, and performance management
- Provide guidance and advocacy regarding prioritization of IT investments and practices that impact information security and risk including the management of the information security budget
- Create and manage information security/risk management awareness and training programs for all employees, contractors and approved system users
- Identify acceptable levels of risk, while balancing business needs, and establish roles and responsibilities regarding information classification and protection
- Provide strategic and tactical security guidance for all IT projects and practices, including the evaluation and recommendation of technical security and contractual controls. Work with the enterprise architecture and development teams to ensure security is implemented in the strategic architecture and new software development.
- Ensure that security programs are following applicable laws, regulations, and policies to minimize or eliminate risk and audit findings
- Create and facilitate the information security risk assessment and threat and vulnerability processes, including reporting and oversight of remediation efforts to address negative findings
- Ensure the Corporation maintains an effective Cybersecurity program to protect critical IT assets and customer and corporate data.
- Assist various teams in the investigation of security incidents and events to protect corporate IT assets, including intellectual property, confidential data, and other IT fixed assets while protecting the company's reputation. As necessary, lead the real-time management of the firm’s response to and resolution of an IT security event or breach.
- Develop relevant operational and strategic metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program
- Responsible for the direction, coordination and execution of business continuity and disaster recovery plans with businesses and IT organization
- Plan and coordinate internal and third-party led tests, assessments and audits of IT security capabilities.
Qualifications and Requirements:
- Direct experience in leading a best-in-class IT security function in organizations which are compliant with PCI and HIPAA
- 3 years of PCI Audit experience
- 5 years of interaction with a QSA or similar auditor
- Ability to interact professionally with colleagues and/or customers for different purposes in different contexts
- Ability to collaborate across the organization
- Maintain composure under pressure
- Ability to comprehend and follow verbal or written instructions
- Effective verbal and written communication
- Certified Information Systems Auditor (CISA) or Certification for the Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM)
- Bachelor’s degree
Paya is proud to be an Equal Employment Opportunity and Affirmative Action employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.
- Pay Type: Salary
- Atlanta, GA, USA