Information Security Senior Consultant GRC

This role reports to the Information Security Governance, Risk and Compliance (GRC) Manager and will work across all the product and technology teams to strengthen and enforce Bottomline s information security posture.

As the Information Security GRC consultant, you will be responsible for building trust and confidence among our clients on the information security posture. This role also involves working closely with stakeholders to ensure adherence to regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA).

Essential Functions and Responsibilities:

• Governance - work with key stakeholders to develop, implement and enhance the information security policies, standards and processes in alignment with regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Execute governance routines and reporting to ensure compliance with required policies and standards.
• Risk Management - build and maintain a control library for enterprise-wide controls and product specific controls. Maintain the risk register (issues and risk acceptances) to ensure effective tracking, prioritization and reporting of risks. Process risk acceptances to ensure they are appropriately rated with sufficient mitigating controls.
• Compliance - Coordinate assessments to ensure compliance with applicable regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA).
• Client Support - Gather, assess and present the information security posture to customer (i.e., completion of request for information, contract language reviews, completion of due diligence questionnaires etc.).
• Education and Awareness - develop and deliver information security awareness and training

Required Experience & Qualifications

• 6+ years of experience in Cybersecurity and Risk Management
• Bachelor s degree
• In depth knowledge on regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA).

Preferred Experience & Qualifications

• Cyber certifications (e.g., CISSP) or equivalent

Role:

Industry Type:

Department:

Employment Type:

Role Category:

Education

UG:

PG: