About Us:
The payments market is the most exciting technology market in the world today for good reason. McKinsey values it globally at over $2 trillion and it’s growing between 13-15% year-on-year. Some of the largest most dynamic brands are investing in this sector; Apple has ApplePay, Google has GooglePay, Amazon has AmazonPay, and it’s not just the Silicon Valley brands. Tencent owns WeChatPay, Alibaba owns Alipay and digital disruptors like Square, Stripe and Adyen all invest millions to grow the payments market.
Planet are a technology company that’s transforming payments by putting the customer experience first. We help our customers deliver a better experience for guests, shoppers, and consumers everywhere. We operate in a market that continues to evolve and expand, partnering with the world’s most prestigious brands across Retail and Hospitality, and with a network of Financial Services partners worldwide.
To meet consumer demands, payments must be simple, safe, and invisible. The only way to do this is to fully embed payments in the software that runs business. By combining software and payment technology, Planet’s creating a world of connected commerce, that makes payments feel good.
We’re growing organically, and with strong Private Equity investors, Advent International and Eurazeo, we’ve the financial capital and expertise to grow our capabilities and reach through acquisition.
Function Overview:
The Planet technology team is driving the modernization of the core infrastructure that is revolutionizing how the global hospitality, retail and connected commerce industry operates. We work with the latest technologies using modern design, development, and delivery practices. Our teams excel at being on the forefront of transforming the connected commerce industry.
Role Overview:
The Chief Information Security Officer serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organization's information security policies.
A key element of the CISO's role is working with executive management to determine acceptable levels of risk for the organization.
This position is responsible for establishing and maintaining a corporate-wide information security management program to ensure that information assets are adequately protected.
-
Develops an information security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensures senior stakeholder buy-in and mandate
- Develops, implements and monitors a strategic, comprehensive information security program to ensure appropriate levels of confidentiality, integrity, availability, safety, privacy and recovery of information assets owned, controlled or/and processed by the organization
- Works effectively with business units to facilitate information security risk assessment and risk management processes, and empowers them to own and accept the level of risk they deem appropriate for their specific risk appetite
- Facilitates an information security governance structure through the implementation of a governance framework, including the formation of an information security governance forum
- Provides regular reporting on the current status of the information security program as part of a strategic enterprise risk management program supporting business outcomes
- Develops, socializes and coordinates approval and implementation of security policies
- Understands and interacts with related disciplines to ensure the consistent application of policies and standards across all technology projects, systems and services, including privacy, risk management, compliance and business continuity management
- Provides clear risk mitigating directives for projects with components in IT, including the mandatory application of controls
- Directs the creation of a targeted information security awareness training program for all employees, contractors and approved system users, and establishes metrics to measure the effectiveness of this security training program
- Develops and enhances an up-to-date information security management framework based on industry standard practices
- Creates and manages a unified and flexible, risk-based control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations
- Develops and maintains a document framework of continuously up-to-date information security policies, standards and guidelines. Oversees the approval and publication of these information security policies and practices
- Creates a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets
- Facilitates a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitates appropriate resource allocation, and increases the maturity of the information security, and reviews it with stakeholders at the executive and board levels
- Builds and nurtures external networks consisting of industry peers, ecosystem partners, vendors and other relevant parties to address common trends, findings, incidents and cyber security risks
- Liaises with external agencies, such as law enforcement and other advisory bodies, as necessary, to ensure that the organization maintains a strong security posture and is kept well-abreast of the relevant threats identified by these agencies
- Liaises with the enterprise architecture team to build alignment between the security and enterprise (reference) architectures, thus ensuring that information security requirements are implicit in these architectures and security is built in by design
- Leads the information security function across Planet to ensure consistent and high-quality information security management in support of the business goals
- Determines the information security approach and operating model in consultation with stakeholders and aligned with the risk management approach and compliance monitoring of non-digital risk areas
- Manages the budget for the information security function, monitoring and reporting discrepancies
- Manages the cost-efficient information security organization. This includes hiring, training, staff development, performance management and annual performance reviews
- Creates a risk-based process for the assessment and mitigation of information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties
- Works with the compliance staff to ensure that all information owned, collected or controlled by or on behalf of the company is processed and stored in accordance with applicable laws and other global regulatory requirements, such as data privacy
- Collaborates and liaises with the data privacy officer to ensure that data privacy requirements are included where applicable
- Defines and facilitates the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of treatment efforts to address negative findings
- Ensures that security is embedded in the project delivery process by providing the appropriate information security policies, practices and guidelines
- Manages and contains information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company's reputation
- Monitors the external threat environment for emerging threats, and advises relevant stakeholders on the appropriate courses of action
- Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas
-
Degree in business administration or a technology-related field required.
- Professional security management certification.
- Minimum of eight to 12 years of experience in a combination of risk management, information security and IT jobs · Strong knowledge of enterprise architecture frameworks such as TOGAF, Zachman.
- Knowledge of common information security management frameworks, such as PCI, GDPR, NIST and COBIT.
- Experience of M&A activity.
- Excellent written and verbal communication skills and high level of personal integrity.
- Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams.
- Experience with contract and vendor negotiations and management including managed services.
- Specific experience in Agile (scaled) software development or other best in class development practices.
- Experience with Cloud computing/Elastic computing across virtualized environments
Planet is an equal opportunity employer where diversity is valued, and all employment is decided based on qualifications, merit, and business need.
Come and grow your career in the most exciting, fast paced technology market, with a business that delivers feel-good connected commerce. We would love to hear from you – Apply now.