Reporting to Group CISO:Definition and Monitoring of Security Strategy and BudgetDefinition and Monitoring of Integration Opportunities, Plans and Relevant InitiativesCoordination of the Security & Business Continuity Community (130+ sec professionals in the Group)

Lead the interaction with stakeholders in all cases where cybersecurity needs to be represented. Such cases are (but not limited to):- Audits from Payment Schemes- RFPs, Workshops, contact reviews from Potential Customers- Audits from Current CustomersAim at streamlining the effective management of evidence to ensure they are timely harvested, updated and presented consistently, in order to prove the security posture of the organization; they can be used as KPIs or to identify potential gaps Address the security related evidence requests or findings coming from the auditsBe the SME for technical security compliance matters, aiming at keeping a direct link with the regulatory Authorities governing related to each SIA Group subsidiary (e.g. Payment schemes and the PCI Council), as well as keeping up to date, proactively streamlining and harmonizing of the technical controls and procedures.Lead the Integration efforts for information collection, assessments and migration plans for existing companies of the Group or new acquisitions. Participate in the vendor assessments to ensure security controls are present.Ensure that industry standards, legislation and contractual agreements are incorporated when needed in the Cyber Security Program and all related audits are addressed effectively.

Represent the GCSF organisation in any interaction with Third Parties - mostly auditors and customers - in cases of third party or payment scheme audits, client audits, clarifications, questionnaires, RFPs, contract reviews, workshopsAlso was responsible for:CI Program for EMEA and APAC: Ensuring the organization meets internal standards and processesInvolved in identifying gaps in all security and compliance related aspects and assist with remediationResponsible for the implementation of Global Documentation program in the regionSetting up and performing assessment programs, internally or externallySME for compliance with regards to PCI & other payment scheme audits.

-Support First Data's ISOs as the subject matter expert for Association Compliance on matters such as: Visa Europe and Mastercard Europe logical and physical requirements for Card Vendors, PCI PIN Security, Visa and MC 3D secure, Mobile payments, PIN delivery methods, etc.-Serve in a liaison role between ESRC, FD’s BU(s) in EMEA and VISA Europe or MasterCard Europe bringing enhanced alignment between these groups-Perform internal audits, risk assessment and third party reviews against those standards-Serve as single point of contact for all topic related issues and as the collection point for any suggested changes/updates-Responsible for maintaining a detailed knowledge of FD’s environments in scope Represent the needs of FD BU(s) and ensure that they are aligned with the requirements-Participate in new projects to ensure all applicable requirements are identified and fulfilled-Create and maintain related procedures, develop a timeline for implementing and provide metrics related to progress

Main responsibilities:Maintain compliance with Payment Schemes and PCIImplementation of Information Security policy locallyDesign and Documentation of procedures tailored to local needsOrganising and running all IT Security related auditsInternal and External Consultancy Key Management consulting and overviewBusiness Strategy alignmentSecurity planning and Acceptance into ServiceImplement Risk Management ProgramImplement Security Awareness ProgramParticipation in EMEA projects and local IT related projectsException handling and managementDepartment’s budgetDepartment’s Resource Planning and Management

Main responsibilities:Key Management ceremoniesMaintaining compliance through housekeeping procedures such as vulnerability scans and reviewsAudit preparation and supportIncident Investigation and ReportImplementation of Security related toolsSecurity Awareness (EMEA level)Data ControlProvide Monthly Security Metrics