GRC InfoSec Manager

Why Choose Bottomline?

Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team!

The Role

Bottomline is looking for a GRC (Governance, Risk & Compliance) InfoSec Manager to grow with us in a Hybrid work environment out of our Portsmouth, NH office! We are open to considering this person to work remotely.

Candidates for this position must be authorized to work in the United States on a full-time basis for any employer without restriction.

Visa sponsorship will not be provided for this position.

This role reports to the Information Security Governance, Risk and Compliance (GRC) Manager and will work across all the product and technology teams to strengthen and enforce Bottomline’s information security posture.

As the Information Security GRC consultant, you will be responsible for building trust and confidence among our clients on the information security posture. This role also involves working closely with stakeholders to ensure adherence to regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA).

What You Will Do 

• Governance – work with key stakeholders to develop, implement and enhance the information security policies, standards, and processes in alignment with regulatory requirements and security frameworks (e.g., SWIFT, NACHA, PCI, NIST, GLBA). Execute governance routines and reporting to ensure compliance with required policies and standards.

• Risk Management – build and maintain a control library for enterprise-wide controls and product specific controls. Maintain the risk register (issues and risk acceptances) to ensure effective tracking, prioritization, and reporting of risks. Process risk acceptances to ensure they are appropriately rated with sufficient mitigating controls. 

• Compliance – Coordinate assessments to ensure compliance with applicable regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA).

• Client Support - Gather, assess, and present the information security posture to customer (i.e., completion of request for information, contract language reviews, completion of due diligence questionnaires etc.).

• Education and Awareness – develop and deliver information security awareness and training 

What will make you successful: 

• 8+ years of experience in Cybersecurity and Risk Management.

• 6 + years of experience in managing people. 

• Bachelor’s degree or related experience.

• In depth knowledge of regulations and industry requirements (e.g., SWIFT, NACHA, PCI, NIST, GLBA).

Nice to Have 

• Cyber certifications (e.g., CISSP, CISA) or equivalent 

What We Offer: 

• Competitive salary and benefits package. 

• Opportunities for professional growth and advancement. 

• A collaborative and innovative work environment. 

• Flexible working arrangements. 

#LifeAtBottomline

#LI-DNI

We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone.