Bottomline

GRC (Governance, Risk & Compliance) InfoSec Manager

Posted: 18 hours ago

Job Description

Why Choose Bottomline?

Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team!

The Role

Bottomline is looking for a GRC (Governance, Risk & Compliance) InfoSec Manager to grow with us in a Hybrid work environment out of our Portsmouth, NH office! We are open to considering this person to work remotely.

Candidates for this position must be authorized to work in the United States on a full-time basis for any employer without restriction. Visa sponsorship will not be provided for this position.

This role reports to the Information Security Governance, Risk and Compliance (GRC) Senior Director and will work across all the product and technology teams to strengthen and enforce Bottomline’s information security posture.

As the Information Security GRC consultant, you will be responsible for building trust and confidence among our clients in our information security posture. This role also involves working closely with stakeholders to ensure adherence to regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA).

What You Will Do

  • Governance – work with key stakeholders to develop, implement and enhance the information security policies, standards, and processes in alignment with regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Execute governance routines and reporting to ensure compliance with required policies and standards.
  • Risk Management – build and maintain a control library for enterprise-wide controls and product-specific controls. Maintain the risk register (issues and risk acceptances) to ensure effective tracking, prioritization, and reporting of risks. Process risk acceptances to ensure they are appropriately rated with sufficient mitigating controls.
  • Compliance – coordinate assessments to ensure compliance with applicable regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA).
  • Client Support – gather, assess, and present the information security posture to customers (i.e., completion of requests for information, contract language reviews, completion of due diligence questionnaires, etc.).
  • Education and Awareness – develop and deliver information security awareness and training.

What will make you successful:

  • 8+ years of experience in Cybersecurity and Risk Management.
  • 6+ years of experience in managing people.
  • Bachelor’s degree or related experience.
  • In-depth knowledge of regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA).

Nice to Have

  • Cyber certifications (e.g., CISSP, CISA) or equivalent

What We Offer:

  • Competitive salary and benefits package.
  • Opportunities for professional growth and advancement.
  • A collaborative and innovative work environment.
  • Flexible working arrangements.

#LifeAtBottomline
