Payment Security Manager

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

Ecosystem Risk – Manager, Ecosystem Payment Security Risk Europe

What’s it all about?

Responsible for providing client program management and operational support for the Data Security & Third-Party Risk programs.  

This team is responsible for leading the data-led approach to combatting data security compliance, client third party due diligence and client compliance to Visa core rules for the management of third-party agents.

The role also has accountability for Europe risk signoff on all Rule changes and waivers, EMV terminal testing requirements and payment card EMV requirements. 

The role requires engagement with Visa clients, client third parties, merchants, and other partners operating in the payment’s ecosystem as well as regulators where subject matter expertise is required.

The job holder is required to present verbal and written reports on ecosystem security and compliance issues. This communication must combine strong SME understanding with the ability to convey complex issues to senior stakeholders.

What we expect of you, day to day:

Job purpose:

The Ecosystem Security Manager is responsible for being part of a team of compliance professionals to execute Visa's ecosystem risk payment security strategy. The role involves delivering VEL’s payment system risk strategy by identifying emerging threats and security vulnerabilities affecting Visa issuers, acquirers, merchants, processors, and other entities that handle Visa cardholder data and implementing appropriate mitigating controls.

Key Accountabilities:

• Risk reduction through compliance with PCI Data Security standards.

• Revenue support through program fees and managing compliance.

• Collaborate with Global Visa risk teams and partner with external stakeholders to drive Visa's business objectives and promote responsible growth and innovation

• Implement and manage Visa’s data security compliance programs in Europe e.g., Card vendor program, 3DS ACS, based on business needs and knowledge of external market practice and industry standards.

• Implement and manage Visa’s Merchant, Third-Party Agent and VisaNet Processor programs in Europe.

• Act as subject matter expert for topics relating to payment ecosystem agents and intermediaries, having a detailed knowledge of the operation of all agents and intermediaries and the risk such entities bring to the payment ecosystem.

• Support the development of Visa’s compliance capability within Europe through effective management of Account Information programs.

• Champion changes of global program requirements to improve client due diligence to mitigate new and existing threats to the Visa brand and account data breaches.

• Implement Client and Stakeholder support mechanisms relating to data security compliance programs.

• Provide bespoke data security and risk operations training to client and internal stakeholders.

• Oversee the implementation of policy and practice for data security compliance programs, ensuring compliance with local legislation.

• Ensure risks arising from third parties are mitigated.

• Maintain awareness of innovative thinking, industry practice and governance around data security risk operation programs as relevant to Visa.

• Support compliance lead with the EMV testing requirements waivers for payment terminals and cards including assessment and review prior to signoff.

• Support compliance lead with waiver and change requests to Visa rules on behalf of Europe risk.

• Support compliance lead on regularly delivering reporting on the health of the compliance programs.   

• Represent Visa in security-forums including PCI events.

This is a hybrid position. Expectation of days in office will be confirmed by your Hiring Manager.

Qualifications

• Educated to degree level in a relevant discipline or equivalent work experience.
• 5 years minimum as a payment risk and/or information security subject matter expert.
• Knowledge of payment risk and information security practices with direct experience in developing and implementing policies and risk frameworks.
• Knowledge of information security standards and best practices (e.g. PCI, EMV, NIST)
• Excellent written, oral and presentation skills and an ability to synthesize information and make clear, concise language.
• Ability to keep pace with demands of business by anticipating problems, proffering appropriate solutions and providing the leadership to effectively implement change.
• Self-driven, demonstrated excellence in leading risk and/or compliance programs.

Preferred Qualifications

• Security certifications (CISSP, CISA, ISO 27001 Lead Auditor)
• Knowledge, understanding and experience of risk management practices in financial services
• Knowledge of the UK and wider European payments and / or financial services industry and the major trends affecting key stakeholders
• Knowledge and experience of the Visa Europe payment system, its governance principles and Visa Europe’s compliance framework

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.