Interview with the CISO: How embedding security across every facet of Paymentology’s business is providing a platform for innovation

Security is paramount in the world of payments. And ensuring security across a payments business like Paymentology is a challenging and complex task that requires a strong and experienced leader.

We sat down with Jim Hart, Paymentology's newly-appointed Chief Information Security Officer, to get the lowdown on what the CISO role entails, how they work with departments across the business, and why security is a strategic enabler of innovation.

Why the CISO is central to success

In an ever-more digital world, the role of the CISO has become increasingly critical to organisational success. "Security stops with the CISO. And unlike traditional security roles that focus primarily on technical implementation, today's CISO functions as a strategic leader providing governance, guidance, and consultation across all business units," Jim explains.

His philosophy is built on the foundational belief that security must be a proactive strategy, not a reactive one. As such, he mandates a "shift left" approach that means security conversations are had at the very first stages of product design.

“If we talk to teams when they’re still brainstorming a product, we can guide them in a way that makes security invisible, but present,” Jim says. Rather than waiting for the final testing to review security, new products are put under scrutiny much earlier in the process. This strengthens compliance, reducing the need for work to be redone, and ultimately leads to more secure and reliable product releases.

Security should be smart, not just a box-ticking exercise

Jim's early career in security was focused at a very granular level, looking at firewalls, network traffic, and infrastructure controls. Not only did this grounding give him a keen eye for detail, it also brought out his natural curiosity about why attacks happen, and not just how. “It’s about understanding the intent—what’s the business model behind these attacks, and what’s the actual threat to us?” he says.

His deep knowledge of threat intelligence as well as auditing and compliance has helped him develop a practical, flexible approach to security. “You could monitor everything—your doors, your cameras, your traffic—but it gets expensive fast. Security is about making smart decisions, not just ticking boxes.”

Security across the business – and across markets

He also recognises how important it is that security is embedded across the entire organisation – it's not just confined to one department. He works cross-functionally with teams across the Paymentology business to build a culture of security, collaborating with the People team to understand employee access needs and hardware use, and with Legal to ensure contracts reflect strong data protection obligations in line with regulatory frameworks.

Paymentology's business spans multiple continents, and Jim's wide-ranging experiences in security have helped him understand how threats differ by market. India, for example, sees high frequencies of attempts to misuse PAN data for eCommerce fraud. However, this market also has extremely advanced fraud detection due to the volume of payments they handle.

Meanwhile, in the US, outdated technologies such as magstripe – vulnerable to cloning and skimming – are still commonly used. “You have to tailor your defences to the local environment. What works in one market might be irrelevant – or even excessive – in another,” he explains.

An eye for talent, and creating an innovation platform

As Jim pushes to keep Paymentology agile, resilient and ready for the future, he is focusing on talent strategy as well as technology strategy. The business needs to attract and retain security professionals who are just as comfortable in a terminal as they are in a product planning meeting. It's all about – as he puts it – "building agile teams that can spot threats early, respond quickly, and support the business without getting in the way".

Under Jim’s guidance, Paymentology is making security a natural part of how the business builds, ships, and scales its products. His objective is to reduce any friction, making security a foundational component that enables innovation within the business, rather than holding it back. “Real security doesn’t just help you avoid breaches. It helps you move faster, with confidence. Done right, it’s a launchpad—not a roadblock.”