Overview

Customers entrust Deluxe with some of their most valuable financial data and as such security is of utmost importance. The CISO will build upon the existing security frameworks and mature the program as the company advances its technology modernization efforts and contends with an increasingly complex threat environment and regulatory landscape.

The CISO will report to the CTDO and have endtoend accountability for leading all things security.

Expectations for the Role:

Strategic Influencer: The CISO will have experience creating and driving the overall security posture throughout an organization. The CISO will identify current needs as well as anticipate future needs. One who can articulate risk and put together a balanced proper security plan: not overly conservative but businessrisk based. This will require excellent communication skills including the ability to convey complex security related concepts to technical and nontechnical audiences alike. With welldeveloped interpersonal and collaboration skills to foster relationships across the organization with the BoD within the security community as well as with customers.

Team Builder & Leadership: The CISO is a cultivator who has built leveraged and grown worldclass security teams with thoughtful intention towards diversity and inclusion. Furthermore the CISO will have a high level of personal integrity with the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity. The CISO shall have experience in managing a team of 60 FTE as well as managing resources provided by MSPs.

Domain Expertise: The CISO shall have a proven background in security leadership ideally possessing the following areas of expertise at scale:

Securing Corporate Assets: The CISO will have experience implementing world class programs for AppSec InfoSec and CorpSec keeping data safe for Deluxe assets as well as its employees and members. The CISO has designed and implemented security assurance practices including threat modeling and penetration testing and possesses indepth knowledge of common application infrastructure security vulnerabilities and mitigations skilled at implementing secure modern Identity and Access Management (IAM).

Governance / Risk / Compliance: The CISO will possess a strong knowledge of standards and information security in a highly regulated space while ensuring ongoing company compliance including exposure to controls around the Service Organization Control 1 and 2 (SOC 1 /SOC 2) NIST 80030 ISO 27001 Payment Card Industry Security Standards (PCI) Health Insurance Portability and

Accountability Act (HIPAA) California Consumer Privacy Act (CCPA) Cloud Security Alliance (CSA) Consumer Financial Protection Bureau (CFPB) Federal Financial Institution Examinations Council (FFIEC) and various other laws and regulations including Executive Orders will be ideal. In addition the CISO will have demonstrated the ability to negotiate security and compliance during the enterprise sales or partnership process. Ideally the CISO would have operated at a public company and understands the implications on the design and execution of security and compliance programs.

Securing the Public Cloud: The CISO shall have a deep understanding of cloud computing architectures and security challenges with running multitenant environments at scale in public cloud environments particularly in Amazon Web Services (AWS).

Application Security / Collaborate with Engineering: The CISO will be closely involved in maintaining and improving security within the Deluxe platform with prior experience in leading application security and advocating for product security improvements with product teams.

Additional Expectations:

• Credible External Posture: In addition to the heavily focused internal scope the CISO will also be responsible for guiding narrating and elevating the companys external security posture and narrative.

• Exceptional Communicator: The ideal candidate shall be an excellent storyteller with the ability to articulate a clear vision that balances technical expertise pragmatic understanding of the security landscape principled decision making user empathy and data analysis.

• High Growth Mentality: The ideal candidate will have demonstrated success in performing highly complex and diverse duties under deadlines and operating constraints in a high growth technology environment.

• Culture and Values: The CISO shall embrace and be a promoter of Deluxe Core Values.

• Position Location: Atlanta or Minneapolis metro areas

• Work Environment: Hybrid in office 3 days/week

Basic Qualifications:

Education and Experience: Bachelors and 10 years or Masters and 8 years 7 years of Management.

• Experience managing regulatory and compliance policies.

• Experience developing information security protection goals objectives and metrics consistent with corporate strategic plans.

Preferred Qualifications:

Education: Masters Degree in Computer Science or Information Technology

Experience: 10 years in security frameworks and standards

Additional Basic Qualifications:

Must be 18 years of age or older

Benefits

In line with our commitment to employee wellbeing our total rewards benefits package is designed to support the physical financial and emotional health of our employees tailored to meet their unique and evolving needs. Our approach considers our employees whole selves ensuring they can thrive both in and outside of work. Here are some of the benefits we offer which may vary based on role location or hours worked:

• Healthcare (Medical Dental Vision)

• Paid Time Off Volunteer Time Off and Holidays

• EmployerMatched Retirement Plan

• Employee Stock Purchase Plan

• ShortTerm and LongTerm Disability

• Infertility Treatment Adoption and Surrogacy Assistance

• Tuition Reimbursement

These benefits are designed to enhance the health protect the financial security and provide peace of mind to our employees and their families.

Deluxe Corporation is an Equal Employment Opportunity employer:
All qualified applicants will receive consideration for employment without regard to race color creed religion disability sex age ethnic or national origin marital status sexual orientation gender identity or presentation pregnancy genetics veteran status or any other status protected by state or federal law.

Please view the electronic EEO is the Law Poster which serves to inform you of your equal employment opportunity protections as part of the application process.

Reasonable Accommodation for Job Seekers with a Disability: If you require reasonable accommodation in completing this application interviewing completing any preemployment testing or otherwise participating in the employee selection process please direct your inquiries to .