Information Security Officer (ISO)

Working under the responsibility of the Chief Technology Officer (who has the CISO responsibility of the company), the ISO is responsible for the daily management of:

  • the Security Certification program towards members of the Bancontact Scheme;
  • the internal Security Architecture and Services Certification;
  • the Security Office for the Bancontact Scheme;

Additionally, the ISO being the IT-Security Specialist in the organization, he is the internal technical reference for all IT-Security questions/decisions.

The ISO reports to the CTO and is part of the AT&S (Architecture, Technology and Security) team.

Main responsibilities

The ISO (70%)

  • As manager of the Security Certification program for the Bancontact Scheme. (30%, 2 days a month travel)
    • Keeps the internal and external documentation and procedures of the Bancontact Security Certification Program up-to-date.
    • Oversees and co-organizes, with the Certification Manager, the execution of the Bancontact Security Certification program
    • Performs Bancontact Security Certifications (as an auditor) himself, and signs off for each full Security Certification together with the Certification Manager.

This function is equivalent to a PCI-DSS Qualified Security Assessor for Bancontact scheme.

    • Acts as a contact point for Bancontact Members and Certificate Holders for IT-security- and fraud-related questions.
  • Internal Security Architecture and Certification manager (20%)
    • Manage the security architecture of Bancontact internal services (Mobile Application & backend, 3DS Directory Server, Scheme Switch,..)
    • Keeps the internal and external documentation and procedures of the Bancontact Payconiq Mobile Security Certification Program up-to-date.
    • Oversees and co-organizes, with BPC project managers, the execution of the Bancontact Payconiq Security Certification program, interpreting security certification results of internal services and Bancontact Payconiq Mobile Payment ecosystem.
  • The ISO also participates in the internal R&D of Bancontact Payconiq Company (10%)
    • Designing & architecture of new solutions, protocols, adoption of security standards, …
    • Implementing proof-of-concepts, small tools (scripts, programs, apps) and maintaining them.
  • In a combination of the roles above, the ISO (10%)
    • Prepares, reviews and follows-up of the budget of the Security Office and the security-related internal activities such as security awareness, audits and pen testing on BPC’s IT-infrastructure.
    • Contributes to the set of Bancontact rulebooks, either drafting as primary author for the functions he manages himself, either drafting or reviewing as a contributor for internal and external projects.
    • is representing Security in the various internal scheme committees.
    • Proactively suggests security improvements throughout the company.
    • Participates in expert organizations such as the ECPA security working group, PCI mobile security working group, etc, representing Bancontact Payconiq Company and gathering relevant information on security trends in the payment world.

The Bancontact Security Office Manager (10%)

  • As manager of the Security Office (PKI) function within Bancontact Payconiq Company
    • Manages and follows up the Security Office operations
    • Executes Security Offices processes, together with his backup
    • Defines, document and continuously improves the following Security Office processes:
      • external towards the Bancontact Members and Certificate Holders;
      • internal, implementing BPC’s role as registration authority and key custodian of the Security Office;
      • external towards the Security Office technical provider (Worldline);
      • internal, implementing internal functions such as Mobile Support content signing, managing access to BPC-managed production services, managing a secured credential storage, etc.
    • Participates in the execution of the Security Office service as a key custodian.

IT-security specialist within Bancontact Payconiq Company (20%)

    • Acts as an internal security consultant, providing advice to any business unit in the company, on IT-security risks, IT-security best practices, IT-cryptographic protocols and technology. He also provides IT-security advice in internal and external projects, including security audits.
    • Assumes an overview/auditing role in BPC’s Office365 environment.
    • Organizes, together with others, Security Awareness sessions, material and activities.
    • Manages the internal BPC IT-Security Policies.
    • Assists, during internal security incidents, in assessing the root cause, the damage done, and how to mitigate the exposed risk/weakness.

Desired skills & experience

  • Specialist in IT-security, cryptography, payment cards and protocols, … 
  • Ability to take responsibility for a large variety of tasks, but able to prioritize work 
  • Experience in Public Cloud Infrastructure Security. (AWS Security certification track is a plus or will be sponsored during the start period)
  • Capacity to obtain a helicopter view on an IT-system, to make abstraction of details while focusing on security essentials
  • Highly analytical mind, advanced problem-solving skills
  • Organized, autonomous, and pragmatic
  • Very knowledgeable on commonly used software and operating systems in office environments
  • Programming and scripting skills are a plus
  • Skills and patience to explain complex problems / requirements to non-technical people, providing security guidance to the entire team, present to an audience
  • Fluency in Dutch and/or French and English is required

Our company

Bancontact Payconiq Company is a leading Belgian debit-card payment scheme with ambition ... 

Our product proposition 
Deliver convenient and safe payments for everyday things, anywhere, anytime, in the most effective way

Our brand personality
Sincere, reliable, inclusive and up-to-date

Our mission
Make our users worry-free. For them to feel secure and protected. We make paying easy !

Are you eager to strive for excellence, do you like a challenge and would you like to be part of a dynamic team?

Then make sure to send your CV and cover letter by e-mail to [email protected].