Who Are We?

Bottomline is on a mission to be the world’s leading business payments company, aligning our team to the common purpose of transforming the way businesses pay and get paid.

It is a journey that goes around the world, serving financial institutions and companies in more than 90 countries. The Portsmouth office is the central strategic hub in the US as well as one of the go-to-market Global Centres of Excellence around the world, conveniently positioned to enable a fulfilling and flexible hybrid work-life balance. A place to collaborate and share knowledge across multidisciplinary teams, it also provides the perfect space to meet virtually with our colleagues across time zones.

Culture and Values

We are one global team, who work with and for each other in a drive to delight customers through excellent execution, which fuels how we create and grow sustained business value for our customers, our team and all who partner with us.

Our culture encourages people to be brave and curious, to drive to closure and to ensure our principles are lived out daily.

We excel at Bottomline because we are positive and passionate about building a #LifeAtBottomline.

Role

We are looking for an IT Audit & Risk Analyst to innovate, win, and grow with us in our Portsmouth, NH office!

This person can be hybrid or remote.

The Bottomline IT Audit & Risk Analyst is responsible for monitoring IT systems to ensure they follow policies and practices. They must evaluate technology, identify controls, and keep thorough records. In addition to monitoring IT systems, the IT Audit & Risk Analyst shall implement policies and day-to-day functions related to cybersecurity, business continuity, disaster recovery management, compliance management/internal controls, risk management, ethics management, and internal and external audits. This includes compliance with industry-mandated standards and controls (e.g., FFIEC, ISO27001, GDPR/CCPA, PCI, etc.). Additionally, they shall function as mentors to IT staff teams to ensure they have a solid understanding of procedures and the necessary independence to conduct their own investigations, and are effective planners, communicators, and teachers.

The IT Audit & Risk Analyst must retain authority, encourage problem solving, and promote a constructive work environment. They must be able to direct risk functions while understanding the risks and governance associated with current and emerging technologies. The Bottomline IT Audit & Risk Analyst shall compile a vast array of data into coherent reports for the CFO, CIO, GC, CISO and Director of Audit, Risk and Compliance.

 

How you’ll contribute:

  • Participate in the development of the annual IT Risk & Governance design.
  • Develop and implement internal policies and procedure documents to support IT compliance initiatives.
  • Analyze the IT environment to evaluate application and infrastructure risks and controls.
  • Coordinate, execute and manage the assessment and reporting phases for multiple concurrent IT Risk and Third-Party Assessments.
  • Review and approve tests that identify IT Risks, and provide strategic recommendations to enhance business operations.
  • Present risks to senior management and negotiate suggested action plans.
  • Promote a risk-aware culture; ensure efficient and effective risk and compliance management practices by adhering to required standards and practices.
  • Participate in a primary capacity in supporting compliance and regulatory activities, including, but not limited to: PCI, SSAE16, Regulatory, Sarbanes-Oxley (SOX 404), ISO27001/9001.
  • Support the ongoing effectiveness of information security controls (automated, manual, and needing development), working with a variety of control owners within the Information Security and Technology organizations, and evaluating control design and standards in a variety of program areas.
  • Advise senior and executive management on the status of technology risk and compliance controls based on assessment results and information from various monitoring and control systems.
  • Support business initiatives with respect to resilience and Disaster Recovery & BIA.
  • Conduct research and make recommendations on products, services, protocols, and standards in support of procurement and development efforts.
  • Develop, implement, and maintain change control and testing processes for service, application, and infrastructure modifications.
  • Establish appropriate end-user access controls, best practices, and perform transaction and security assessments.
  • Maintain up-to-date knowledge of the FinTech and Payments Industry and IT developments.
  • Build and maintain strong internal relationships by demonstrating detailed knowledge of the client’s business environment.
  • Maintain and increase personal knowledge of the Bottomline solutions and services to enable the better execution of the role.
  • Deliver staff training and education in the areas of security, BCP, DR and best practice.
  • Participate in special projects or other duties as required.

What will make you successful:

    • 1-5 years of experience in risk, governance, and compliance within an information technology organization.
    • Strong understanding and knowledge of business risks and governance related to general system controls, system/applications development, change management, logical access security, local area network and wide area network concepts, contingency and recovery.
    • Audit experience in a corporate environment.
    • Experience managing internal audits, SOC processes and/or PCI audits from start to finish.
    • Bachelor’s Degree in CS and/or related work experience.
    • Excellent analytic, oral, and written communication skills

     

    Nice to Have:

    • A relevant, industry-recognized security certification such as CISSP, CGEIT, CRISC, CISM, CSX-P, CISA, PMP, CPP, CPA or CBCP is helpful.
    • Understanding of data management concepts
    • Knowledge of relevant frameworks: SSAE18, ISO27001/2, BCP/DR, NIST and COBIT
    • Strong understanding of current regulatory expectations for financial services organizations
    • Network & Infrastructure Architecture: network segmentation concepts, firewalls, routers, VPN solutions, etc.
    • Systems Development (including SDLC, project management, BCP/DR and change control methodologies)
    • Infrastructure and Application Security Testing comprehension to understand risks associated with vulnerabilities.
    • Physical Security & Data Center Environmental Controls
    • Knowledge of Hosted and Windows environments, Client Server Technology, Networks
    • Experience using GRC applications.
    • Excellent project management skills
    • High attention to detail necessary to manage, analyze and finalize artifacts and documents.
    • Familiarity with infrastructure, networking, security, and software development processes
    • Organized, responsive, and able to manage multiple initiatives and tasks in parallel.

We welcome talent at all phases of their career, understanding and supporting additional needs (where applicable) as we look to innovate, win, and grow together.

 

Bottomline is proud to be an equal opportunity employer. We are committed to treating all individuals in a fair and equal manner by creating an inclusive and open environment.

 




Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Bottomline’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Voluntary Self-Identification of Disability

Form CC-305
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

