Bottomline is at the forefront of digital transformation. We are a growing global market leader uniquely equipped to address the changing needs of how businesses pay and get paid. Our culture of working with and for each other enables us to delight our customers. We empower our teams to think like owners driving customer satisfaction, helping them grow their business and win in their markets.
We are looking for a Manager of Governance & Risk to innovate, win, and grow with us.
The Manager - IT Risk, Governance & Compliance will have oversight responsibility for information technology governance, risk, and compliance (GRC) for Bottomline. Develops and maintains policies, processes and procedures for the governance of IT and security. Develops and manages key IT and security risk assessment and compliance programs for proactive risk management. Develops, promotes and monitors the corporate-wide information security training and awareness program. Coordinates preparation, support and remediation for audits, compliance reviews, and client and federal examinations on behalf of IT. Develops and reports on key activity and performance indicators concerning GRC.
- Oversees the review, development, implementation, and improvement of IT policies, processes and procedures, ensuring compliance with relevant laws, regulations, and frameworks for financial services institutions.
- Ensures all IT policies and procedures are documented and updated according to regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository/system of record up-to-date as defined by the IT Governance program.
- Subject matter expert in enterprise risk management; Sarbanes Oxley (SOX) Section 404/302 Financial Controls; Gramm-Leach-Bliley Act (GLBA) Identity Theft & Red Flags; Federal Financial Institutions Examination Council (FFIEC) guidance on Information Security; and 3rd Party risk assessments.
- Oversees BCP/Disaster Recovery standards and testing.
- Oversees vendor management standards and testing.
- Oversees the IT Risk programs and initiatives, including the maintenance of relevant SOX controls; Payment Card Industry (PCI) Reports of Compliance; employee training and awareness; the support and coordination of internal audits and examinations on behalf of IT; and the formulation of management responses and remediation plans with requisite tracking and reporting of progress.
- Bachelor's degree in business, accounting, finance, computer science, information systems, engineering or a related field is required
- Master's degree in a related field is advantageous
- CISSP and/or CISM, CISA, CCIE certifications are advantageous as well as other Microsoft, Linux, Cisco, or security certifications
- Minimum of 5 years of experience in IT and financial services industry required
- Minimum of 3 years of experience in IT GRC (governance, risk, compliance) methodologies, tools and enablers in the financial services sector required
- In-depth knowledge of SOX, SSAE16/SOC1, SOC2, FFIEC, PCI required
- 5 or more years of experience in business process analysis, project methodology, or systems development life cycle
- Previous industry experience with risk, audit, financial institution examination and regulatory requirements and coordination
- Knowledge of eGRC tools
- In-depth knowledge of IT organization end-to-end areas and functions
- In-depth technical capabilities and professional knowledge
- Excellent written and verbal communication skills with the ability to negotiate
- Strong analytical and problem solving skills
- Ability to work both independently with sole responsibility and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment
- Ability to multi-task and prioritize projects with good judgment
- Ability to exercise excellent professional judgment
- Ability to work well with people from many different disciplines with varying degrees of technical experience
- Ability to adapt to a dynamic, rapidly changing business and technical environment
Bottomline is a participating employer in the Employment Verification (E-Verify) program. EOE/AA/M/F/V/D/E-Verify Employer.
Bottomline Technologies is an Equal Employment Opportunity and Affirmative Action Employer.
You’ll love Bottomline because in everything we do we seek to delight our customers and we are passionate about building a company of which we can all be proud, and this starts with building amazing teams filled with team members that challenge you every day.