Ingenico is the global leader in payments acceptance solutions. As the trusted technology partner for merchants, banks, acquirers, ISVs, payment aggregators and fintech customers our world-class terminals, solutions and services enable the global ecosystem of payments acceptance. With 40 years of experience, innovation is integral to Ingenico’s approach and culture, inspiring our large and diverse community of experts who anticipate and help shape the evolution of commerce worldwide. At Ingenico, trust and sustainability are at the heart of everything we do.
Role overview
The Regional Chief Security Officer (R-CSO) is responsible for implementing, controlling, and continuously improving the Group’s global security strategy within his designated region. Acting as the senior security leader locally, the R-CSO ensures alignment with global policies while addressing regional needs, regulatory requirements, and customer expectations. With cybersecurity as the primary focus, this role also encompasses operational and industrial security as well as physical protection of people and assets, business continuity and crisis management. This role is both operational and strategic, requiring strong leadership, communication, and influence skills.
As part of the Group’s second line of defense, the R- CSO ensures independent oversight, control, and challenge of security practices implemented by the business and operations teams.
Key Responsibilities:
1. Governance, Risk & Compliance
2. Apply, deploy, and monitor the Group’s security policies and standards within the region, ensuring alignment with global frameworks.
3. Evangelizing on cybersecurity, addressing Executives, Senior leaders and Representing Ingenico in external Information Security communities.
4. Organize and manage risk security committees for the Region, providing regular risk reports and key metrics to the Group CSO and regional leadership team.
5. Incident, Crisis Management and Business Continuity
6. Own all security incidents in the region, ensuring effective response, escalation, and communication.
7. Act as regional crisis leader, coordinating with Incident management organization, Group CSO, local management, and authorities.
8. Control the effectiveness of incident, crisis, and business continuity response plans through testing, drills, and independent reviews.
9. Customer & Partner Engagement
10. Act as the primary security point of contact for regional customer questionnaires and audits, RFPs, and due diligence activities.
11. Support business development by demonstrating the Group’s security posture
12. Build trusted relationships with partners and external stakeholders on security matters.
13. Provide independent oversight of third-party and supply chain security in the region.
14. Coordinate with internal stakeholders for such matters
15. Communication, Awareness & Culture
16. Serve as a trusted advisor and business partner to regional executive management, translating technical risks into business impacts.
17. Lead cultural change and regional awareness campaigns across cybersecurity, industrial, and physical domains.
18. Represent the Group at regional industry events, regulatory forums, and standardization bodies to influence and anticipate evolving requirements.
19. Liaise with local and regional authorities (e.g., regulators, law enforcement, CSIRTs) on security topics.
20. Physical & People Security
21. Oversee the security of facilities, assets, and employees in the region.
22. Control and monitor programs for access control, surveillance, executive protection, and insider risk management.
Key Requirements:
23. Education:
24. Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
25. Advanced certifications such as CISSP, CISM, CISA, or ISO 27001 Lead Implementer/Lead Auditor are highly preferred.
26. Experience:
27. Minimum of 10 years of experience in information security, with at least 5 years in senior leadership roles (e.g., CISO, Director of Information Security).
28. Proven experience in managing information security for regulated industries, particularly in the payment solutions or financial services sectors.
29. In-depth knowledge of global security frameworks and standards such as PCI-DSS, ISO 27001, NISv2, and DORA.
30. Strong experience in leading cross-functional teams to design, develop, and implement secure payment terminals and related systems.
31. Hands-on experience with security certifications, audits, and assessments related to ISO 27001, PCI-DSS, and other applicable regulatory frameworks.
32. Skills:
33. Expertise in information security management, including risk assessment, vulnerability management, security architecture, and secure coding practices.
34. Strong leadership and team-building abilities, with a proven track record of leading security teams and projects.
35. Exceptional communication skills, with the ability to communicate complex security concepts to both technical and non-technical stakeholders.
36. Deep understanding of incident response and crisis management, particularly related to payment systems and customer data protection.
37. Proficiency in cybersecurity technologies, such as firewalls, encryption, intrusion detection/prevention, SIEM, and other tools relevant to securing payment terminals.
Desirable Skills:
38. Experience with cloud security, network security, and endpoint security technologies in the context of payment systems.
39. Familiarity with digital resilience, business continuity planning, and disaster recovery processes in alignment with DORA.
40. Good Knowledge on Cloud solutions and O365 security
41. Experience in third-party risk management and ensuring compliance across the supply chain for third-party vendors, particularly in the context of hardware and software used in payment terminals.