If you're looking for a unique opportunity to lead an InfoSec organization with the oversight to design, implement and lead a group responsible for delivering on Payroc's growth and industry-changing strategic objectives - read on.

At Payroc, we're building the next generation of capabilities that powers our merchant-first ecosystem. The radical and responsible delivery of value is our mandate. We believe that focused and empowered teams can do great things. You'll find that we're a curious, driven, and pragmatic bunch who believe in outcomes over outputs, and we're looking for like-minded individuals to join us on our journey.

What we're obsessive about:

  • Small teams, big things: We'll convey the outcomes our merchants require, provide you with the support and tools to succeed, and then we let you work your magic, with no needless processes to get in your way.

  • Develop, grow, thrive: We promote a philosophy where you can develop and grow as an individual and team. We encourage you to approach problems in unique ways, try new techniques, learn from your colleagues and master your craft.

  • Real people, real problems: We develop solutions to solve real-world challenges faced by our merchants. Our Team Members collaborate to build the right things the right way. We are curious about how things work, and we believe that sharing ideas and insights leads to better, more innovative products.

As our Director of Information Security, you'll work closely with our leadership team to continue to build the Information Security group. You'll be a "player-coach," focused on attracting and developing talent, but also staying hands-on to oversee the InfoSec footprint across enterprise and product considerations.

This role is responsible for establishing, implementing, monitoring, and enforcing information security standards for Payroc. This position is also responsible for the creation and maintenance of Payroc information security strategies. The incumbent will serve as an expert advisor to senior management in the development, implementation, and maintenance of a global information security infrastructure. They will ensure best practice control objectives for system integrity, availability, confidentiality, accountability, and assurance fall within the context of the risk tolerance set by the senior management of Payroc.

Duties and Responsibilities

  • Identify and propose key information security program priorities, initiatives, plans, practices, and tools.

  • Execute approved information security project plans and provide regular status reporting on the progress of such projects.

  • Provide guidance and recommendations regarding prioritization of investments that mitigate risks, strengthen defenses, and reduce vulnerabilities.

  • Develop, publish, and maintain comprehensive information security standards, policies, procedures, and guidelines.

  • Conduct threat and vulnerability assessments to properly analyze the risks to information security and determine appropriate measures to manage those risks effectively.

  • Assist in the review of applications and technology environments during the development or acquisition process to (a) assure compliance with corporate security policies and directions and (b) assist in the overall integration process.

  • Advise the management team on risk issues that are related to information security and recommend actions in support of the business goals of Payroc.

  • Remain current on security trends, technologies, legal, and compliance requirements.

  • Understand potential and emerging information security threats and vulnerabilities, and communicate this information to appropriate team members throughout the company on a timely basis.

  • Guide business units as necessary to investigate security breaches and to pursue associated potential disciplinary and legal actions in collaboration with the Corporate Human Resources and Legal departments as appropriate.

  • Engage and direct outside consultants as appropriate for information security audits.

  • Conduct regular and ongoing monitoring of and reporting on corporate compliance with information security standards and policies.

  • Manage the investigation of security breaches or potential breaches and assist with disciplinary and legal matters associated with such violations.

  • Direct the development and enforcement of information security and privacy policies in compliance with federal and state regulations and standards.

  • Oversee the development of, and be the enterprise champion of, a corporate security awareness and training program.

  • Collaborate with business units to deliver essential security tips and guidance to merchants and partners.

  • Work with multiple subject matter experts across a range of domains to ensure compliance under PCI-DSS, PA-DSS, and P2PE standards.


  • Bachelor's Degree or equivalent work experience. Experience in the credit card acquiring/processing industry is preferred.

  • 7+ years of experience in Information Security within enterprise environments.

  • Demonstrated experience managing and leading teams.

  • Security/Networking certifications (e.g., CISSP, CISM, GIAC, CCNA).

  • Understanding and awareness of the Payment Card Industry (PCI) data security standards (PCI DSS) and the payment application data security standards (PA DSS), as well as experience in the implementation of controls to mitigate PCI issues.

  • Extensive and recent experience and in-depth working knowledge across multiple technical disciplines, including one or more of the following: IDS/IPS, Firewalls, SIEM, Enterprise Anti-Malware solutions, DLP, Vulnerability Assessment tools, Technology Compliance tools, FIM.

  • Expertise with tools and processes used in security incident detection and handling.

  • Expertise with security event analysis and intrusion detection (IDS/IPS; incident response: triage, incident analysis, remediation).

  • Ability to perform in-depth forensic analysis to aid in finding threats/suspicious activities in the enterprise.

  • Working knowledge of Windows and Linux Operating Systems.

  • Working knowledge of networking protocols (e.g., FTP, HTTP, DNS, DHCP, RADIUS, SNMP, SSH, Syslog, and SMTP).

  • Present ideas, expectations, and information in a concise, well-organized way.

  • Excellent communication skills, both verbal and written.

  • Ability to work independently towards goals.

  • Excellent work ethic and the ability to be a productive and reliable team member.

  • Other duties as assigned.