Why Choose Bottomline? Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team! Location: This role is Remote based; Candidates can be located in the US or EU markets. The Role The Brand Security and Exposure Management Analyst is a business-focused cyber monitoring role responsible for protecting the organization's brand reputation, customer trust, and corporate identity across digital channels. This position bridges cybersecurity awareness with business risk management, focusing on the detection and response to brand abuse, impersonation schemes, data exposure incidents, and supply chain compromises that could impact customer confidence or organizational reputation. The successful candidate will coordinate cross-functional responses involving fraud, legal, privacy, and customer service teams while providing supplemental support to security operations during scheduled shifts. This role emphasizes business acumen, stakeholder communication, and practical risk mitigation over deep technical analysis. How you’ll contribute Brand Protection and Reputation Monitoring • Lead the development and implementation of brand monitoring capabilities within Security Operations, establishing processes for detecting and responding to brand abuse across digital channels • Monitor online sources including social media, mobile app stores, domain registrations, and underground forums for unauthorized use of corporate trademarks, executive impersonation, and fraudulent schemes targeting customers • Identify phishing campaigns, fake websites, counterfeit mobile applications, and social engineering attacks that exploit the organization's brand to defraud customers or damage reputation • Track discussions and activities on underground platforms where stolen customer data, compromised credentials, or payment card information may be traded or disclosed • Assess the business impact and reputational risk of brand abuse incidents, prioritizing response activities based on potential customer harm and operational disruption Exposure Response and Cross-Functional Coordination • Coordinate takedown and remediation efforts for fraudulent domains, fake social media accounts, counterfeit applications, and phishing infrastructure impersonating the organization • Partner with Legal counsel to facilitate cease and desist actions, intellectual property enforcement, and appropriate escalation to law enforcement when criminal activity is identified • Collaborate with Fraud teams to understand emerging fraud patterns, share intelligence on threat actor tactics, and support investigations of customer-impacting incidents • Work with Privacy officers to ensure appropriate handling of customer data exposure incidents, including breach notification assessments and regulatory reporting requirements • Support customer-facing teams by providing timely intelligence on active threats, recommended customer communications, and guidance on responding to customer inquiries about suspicious activity • Maintain documentation of brand abuse cases, response timelines, and resolution outcomes to demonstrate program value and inform process improvements Supply Chain Exposure and Vendor Incident Coordination • Monitor public disclosures and intelligence sources for security incidents, data breaches, and compromises affecting third-party vendors and technology partners • Assess potential business impact when supply chain partners experience security incidents, including risks to customer data, operational continuity, and regulatory compliance • Coordinate with internal stakeholders to determine appropriate response actions when vendor compromises are identified, including contract reviews, audit requests, or service migration planning • Support vendor risk management activities by providing external intelligence on supplier security posture, incident history, and threat actor targeting of the supply chain • Track ransomware campaigns and data extortion operations affecting the financial services sector, alerting leadership to potential impacts on business operations or partner relationships Security Operations Center Support • Provide alternating shift coverage for the Security Operations Center, supporting 24/7 monitoring and basic incident response capabilities during scheduled rotations • Review and triage security alerts escalated from Level 1 analysts, performing initial assessment and escalating confirmed incidents to senior security personnel • Leverage brand monitoring insights to enhance security operations awareness of external threats, phishing campaigns, and credential exposure affecting the organization • Document security events and response activities according to established procedures, ensuring appropriate record-keeping for compliance and audit purposes • Participate in on-the-job training and skill development to build competency in security operations procedures, incident response workflows, and monitoring technologies If you have the attributes, skills, and experience listed below, we want to hear from you. Education • Bachelor's degree in Cybersecurity, Information Security, Business Administration, Criminal Justice, Fraud Management, or related field • Master's degree in Cybersecurity or Information Systems preferred Professional Experience • 1-3 years of experience in financial services, insurance, anti-money laundering (AML), fraud prevention, compliance, or cybersecurity roles with exposure to business risk management • Experience working in cross-functional environments involving fraud, legal, compliance, privacy, or customer service organizations • Familiarity with payment processing operations, financial crimes typologies, or customer data protection requirements in regulated industries Core Skills and Knowledge • Strong business acumen with ability to translate cyber risks into business impact, financial exposure, and reputational consequences • Basic understanding of cybersecurity principles, common attack methods, and fraud tactics used against financial institutions • Comfortable conducting online research across social media platforms, search engines, and public information sources to identify brand abuse • Awareness of phishing techniques, social engineering tactics, and impersonation schemes commonly used to arenaflex customers and employees • Willingness to learn security monitoring tools and procedures with on-the-job training and mentorship from senior security personnel CORE COMPETENCIES • Business Risk Focus: Ability to assess cyber incidents through a business lens, prioritizing response activities based on customer impact, financial exposure, and reputational risk • Stakeholder Communication: Exceptional written and verbal communication skills with ability to engage effectively with legal, fraud, privacy, compliance, and business leadership • Investigative Mindset: Strong critical thinking and problem-solving abilities with natural curiosity to investigate suspicious activity and identify patterns of abuse • Coordination Excellence: Proven ability to orchestrate multi-team responses, facilitate decision-making across organizational boundaries, and drive incidents to resolution • Customer Protection Orientation: Genuine commitment to safeguarding customer interests, protecting brand trust, and minimizing harm from fraud and abuse • Adaptability: Comfortable operating in ambiguous situations, learning new technologies and procedures, and adjusting priorities as business needs evolve • Ethical Judgment: Demonstrates discretion when handling sensitive information, maintains confidentiality, and exercises sound judgment in escalation decisions • Operational Flexibility: Willingness to support alternating shift schedules and transition seamlessly between proactive brand monitoring and reactive security operations support REPORTING STRUCTURE Direct Reporting: Cyber Threat Intelligence Manager Indirect Reporting: Senior Manager, Security Operations and Senior Manager, Threat and Vulnerability Management for SOC operational matters and shift coordination WORKING CONDITIONS This position operates in a 24/7 security operations environment requiring alternating shift coverage including evenings, weekends, and holidays on a rotating basis. The role requires extended periods of computer use for online monitoring, investigation activities, and documentation. The analyst should be prepared for urgent response situations requiring rapid coordination across Legal, Fraud, Privacy, and customer-facing teams. Due to the nature of brand abuse monitoring, the analyst may encounter disturbing content including criminal discussions, stolen data, and schemes designed to harm customers. This job description is intended to convey information essential to understanding the scope of the position and is not an exhaustive list of skills, efforts, duties, responsibilities, or working conditions associated with it. Management reserves the right to modify, add, or remove duties as necessary. #LI-AD1 We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone. Apply tot his job