Information Security Manager

Information Security Manager BASYS Processing - 3.6 Lenexa, KS Job Details Full-time 1 day ago Qualifications Endpoint Security Employee onboarding Computer science Azure Bachelor's degree in information technology Computer Science PCI ISO standards Regulatory compliance Cloud security management Compliance audits & assessments SOC 2 Performance management Bachelor's degree in business administration Information security compliance Team development Training employees on security practices Bachelor's degree Continuous improvement Team management System risk assessment (security system operation) NIST standards Investigation evidence collection Cloud networking Third-party risk management Vulnerability management Due diligence Business Administration SIEM Root cause analysis Senior level AI Cross-functional collaboration Onboarding process management Business RMF Bachelor's degree in computer science Incident response implementation 2 years Vendor risk management Information security auditing Communication skills Cross-functional communication Overseeing training Information Technology IT security monitoring Full Job Description Grow with a team that leads with service and builds with purpose. At Basys, we believe success is built on relationships, not transactions. We collaborate, solve challenges head-on and raise the bar for ourselves and each other every day. If you're energized by meaningful work and motivated to make a real impact, you'll feel right at home here. We personalize payments and elevate service so our clients can grow with confidence. And we're building a company where innovation, care and accountability shape how we work: together. Summary The Information Security Manager is responsible for leading and executing the organization's information security program, balancing governance, compliance, and hands-on technical security responsibilities. This role provides leadership to a team of security associates while partnering closely with IT, Engineering, and business stakeholders to identify, manage, and reduce security risk. The Information Security Manager ensures compliance with regulatory and customer security requirements, supports secure operations across systems and platforms, and contributes to a strong culture of security awareness and accountability across the organization. Employees in this role are expected to perform their duties in accordance with The Way We Work, helping to create a company where innovation and care drive meaningful connections. Duties & Responsibilities Essential Functions Develop, implement, and maintain the company's information security program, including security policies, standards, and control objectives. Provide leadership and day-to-day management for an assigned team of security associates, including work direction, coaching, performance feedback, and support of professional development. Conduct and lead information security risk assessments across applications, infrastructure, and third parties; maintain a risk management framework to identify, assess, document, prioritize, and track remediation of security risks. Oversee and perform (as needed) threat detection, vulnerability management, and incident response activities, including investigation coordination, root cause analysis, remediation tracking, and post-incident reviews. Own and manage the PCI DSS compliance lifecycle, including control implementation and validation, assessment coordination, evidence collection, and remediation of findings. Lead SOC 2 readiness, audits, and ongoing compliance by maintaining control documentation and mappings, coordinating evidence collection with cross-functional teams, and serving as the primary liaison to external auditors and assessors. Assess, monitor, and report third-party and vendor security risk, including due diligence reviews, security requirement input, and ongoing risk monitoring as applicable. Provide hands-on security support for cloud and networked environments (e.g., Azure and application networking), including reviewing configurations, recommending or implementing security controls, and partnering with IT and Engineering to remediate identified issues. Partner with Engineering to implement and validate application security requirements (e.g., OWASP-aligned controls), support secure development practices, identify security gaps, and track remediation to closure. Additional Responsibilities Manage security awareness and training to support required policies, acceptable use practices, and security responsibilities across the organization. Support initiatives that enhance the security of associates, partners, systems, and integrations through collaboration, adherence to security practices, and continuous improvement. Work collaboratively with internal departments to support secure operations and a high standard of service for internal and external stakeholders. Contribute to the onboarding and training of new associates by sharing security practices, standards, and role-appropriate guidance. Promote and reinforce appropriate workplace behavior in accordance with company policies, procedures, and management guidance. Resolve routine and moderately complex issues within scope of responsibility and communicate resolutions or required information to impacted parties. To remain innovative and efficient, the use of AI is typical and expected within this role and at Basys. Perform other related duties as assigned, consistent with the nature and level of the role. Requirements This role is eligible for a hybrid schedule. Up to 2 days per week may be worked remotely in accordance with the telecommuting policy.

A commitment to:

Strong communication both written and verbal with ability to translate security to business stakeholders Strong problem-solving skills and use of judgement Accountability and ownership for assigned tasks and follow-through Quality, accuracy, and attention to detail Continuous improvement and learning Education & Experience Bachelor's degree in Computer Science, Information Technology, Business Administration or other related fields is preferred 5-8+ years in information security, cybersecurity, or GRC 2-4+ years management experience Experience with PCI DSS Experience with SOC 2 audits/readiness Familiarity with frameworks like NIST CSF and

ISO 27001

Experience with security tools/vendors (SIEM, endpoint, vulnerability management) BASYS provides direct credit and debit card processing solutions for businesses across the country. We treat our team, clients, and vendors like people, not numbers. BASYS is proud to maintain a 90% customer retention rate of clients that continue to process, in an industry where retention rates often average closer to 70 to 75%. We feel that this is a perfect example of how our customer oriented business model sets us apart. BASYS is an equal opportunity employer