Memo

TSYS JOB DESCRIPTION
Job Title:
Director - Information Security
Reports To:
Director - Information Security, TSYS International
Grade:
Level 6
Place of Work:
York Office
Job Summary:
The Director - Information Security will interact with IS, IT, and business personnel, worldwide,
on project and production support efforts that impact the security profile of the TSYS IT
infrastructure.
This role provides technical support and non-technical support to a broad range of IT security
programs and processes related to Information Security. This includes, but is not limited to,
project leadership, sharing knowledge with colleagues, managing relationships with technology
and business units regarding security policies and standards. Additionally, this person is
responsible for assessing, architecting, engineering, and implementing a range of information
security services for the protection of the organization's information assets and infrastructure
and security education to TSYS team members, clients and vendors.
As a strategic consultant, you will also provide security assessments and knowledgeable
assistance with TSYS’ inter-networking infrastructure, remote access solutions, production
hosting environments, access controls, vulnerability and threat analysis, electronic messaging,
application security, encryption technologies, network security analysis, contact centre security
and other client specific security projects and value add information security consultancy to
TSYS, TSYS affiliates and clients. You will also be expected to negotiate timelines at a senior
management level and manage workloads of other security and business team members who
may be assigned to the same effort.
While based in the UK, the role will include UK travel to TSYS, vendor and client sites. Travel
may also be required throughout Europe, India, and Asia, with extended stays in specific
locations.
Key Responsibilities:

Provide leadership guidance as necessary, through matrix management oversight, to
business and network teams regarding information security design and protection.

Defining issues and project-related security technology and business security policies
and standards to TSYS team members at all levels.

Designing, evaluating, and implementing a range of information security services for
the protection of the organization's information assets and infrastructure.

Providing specific worldwide security assessments, security solutions, and support to
the line of business regarding information and support many diverse security areas.
o remote access design
o production hosting
o access controls design
o vulnerability and threats assessments
o electronic messaging
o application security design
o encryption implementation design
o network security designs and builds

Lead, and support, information security incident response teams, including, as
necessary, drawing on team members from other business areas and regions to
support investigations and response and liaise with senior management, clients,
vendors and industry bodies.

Provide advice and guidance in the system / application development lifecycle to
ensure information security processes and concepts are incorporated.

Understand and provide consultancy on global security regulation and compliance
issues to ensure TSYS is competitive whilst maintaining data and logical security.

Ensures compliance to corporate Information Security policies through audit reviews,
departmental briefing sessions, security awareness/education, and other methods as
appropriate.

Ensures all approved implemented processes and access rules are followed and IS
guidelines are adhered to regarding all or specified security systems.

Enforces IS policies through the department providing management violation reports,
develop and present security education and awareness, and taking appropriate
action when security offenses occur.

Serves in the capacity of subject matter expert (SME) when answering questions or
providing guidance on complex projects to internal and external customers (i.e. other
departments, clients).

Analysing business and/or technical requirements to formulate action plans, and
performing risk assessments and devising scenarios to mitigate and prioritize risk
while still meeting required timelines.

Performing analysis and issues resolution for business and project requirements,
and develop and document complex business cases to assist in gaining the
necessary internal support to implement security solutions.

Responsible for risk assessments, policy creation, data classification and assessing
its impact on the security design of networking, system and application solutions.

Identification of new and emerging threats that can affect the organization's
information assets.

Responsible for planning, conducting and directing research and/or development
work on more complex projects necessitating the origination and application of new
and unique approaches.

Provides security consultation to Department Management and IT project teams to
help raise awareness of Information Security issues and concerns affecting TSYS
and its clients.

Will work independently providing both internal and external consulting services.

Responsible for the management of relationships between Information Security and
our internal TSYS and external customers.

May act in a liaison capacity with other departments, divisions and organizations,
making recommendations, which may have significant impact on the technical and
business aspects of projects and programs.

Assists with the development, implementation, monitoring, maintenance, and
compliance of all information security standards, policies, and procedures.

As necessary, assist in the development or selection of cost effective solutions.

Participates in the system/application development life cycle to ensure Information
Security processes and concepts are incorporated into all applicable systems and
software.

Acts as a mentor to less experienced colleagues.

Interacts with internal and external auditors to ensure that corporate security systems
have appropriate level of internal controls.

Any other duties commensurate with the role.
Person Specification:
Essential Desirable
Education

Educated to degree level or equivalent in related discipline or
equivalent experience

Bachelors or Masters level degree in Information Security

CISSP

CISM, CISA, CRISC
X
X
X
X
Experience

Relevant TSYS experience

Previous experience in the financial / banking industries

Bankcard industry exposure and client interaction experience

Experience in the credit card industry. This includes experience with
and understanding of European implementation of ISO 2700X; PCI
DSS and Card personalization
X
X
X
X

Experience in regulatory compliance in the credit card industry.

Experience in managing relationships between Information Security
and internal and external customers.
X

Experience in coordinating, liaising and security consultancy with
diverse departments and IT project teams regarding Information
Security
X

Experience designing and building security architectures and
infrastructure.

Experience in enforcing IS policies and compliance to corporate
Information Security policies through audit reviews, departmental
briefing sessions, security awareness/education, and other methods
as appropriate.
X
X
X

Experience in developing/designing cost effective solutions for
system/ application development regarding Information Security
processes and concepts in applicable systems and software
X

Experience with information security products, tools and controls.
X

Experience in interpreting broad guidance and working
independently, with the highest levels of business/engineering.
X

Experience in developing and implementing risk assessment/
acceptance factors that can affect business and security decisions.
X
Skills

Customer relation experience is essential, as well as being highly
motivated self-starter.
X

Strong sense of urgency / responsiveness
X

Ability to work remotely and with minimal guidance.
X

Multi-task oriented
X

Experience consulting on security issues and projects
X

Proficiency in Microsoft Visio, Word, Access. Microsoft SharePoint
is necessary, as well.
Understanding of business processes and business drivers that can
affect system design.
X

X

Expert level knowledge and experience in specific security
applications is preferred.

Experience of demonstrated initiative, professionalism and customer
service is essential for this position.
X

Demonstrates a high level of service to both internal and external
customers
X

Project planning and management skills
X

Ability to drive issue management and resolution
X
X
Knowledge

ACF2, PC-based Windows applications, LAN/WAN operating
systems, Internet/Intranet (firewalls, WEB sites, and browsers), virus
controls, experience with Database Security Models, Solaris /
Apache / JBoss, Microsoft IIS, PKI, IPSEC and related VPN
technologies, RADIUS/LDAP authentication, Windows Solaris,
Network operating systems, perimeter security, intrusion prevention
and detection, information security management, vulnerability
management, incident response, access control, and system
hardening.
X

Knowledge of commercial and open source security tools network or
system security design and implementation in areas such as:
perimeter security, network access control and segmentation;
network and host intrusion detection & prevention; system security;
database security; Internet, Extranet, and Intranet security; remote
access and wireless security; and Voice over IP (VoIP) security.
X

Knowledge of security software and version control processes.
X