Additional Info

Job title of nominated professional (or team name): Director of Information Security and Compliance
Company (where nominated professional or team is working): Bluefin
Company size (employees): 100 to 499
Country: United States
Headquarters Region: North America


With a demonstrated history of working in the information technology and network security industry, Joshua Garrick’s experience includes designing and implementing security programs to comply with various regulatory frameworks, such as PCI DSS, HIPAA and NIST. In his current role as Director of Information Security and Compliance at Bluefin, Mr. Garrick has successfully managed several security assessments over the last year, including PCI P2PE Decryption Management Service, PCI P2PE Solution Provider, and multiple delta change assessments to several Bluefin product offerings. Mr. Garrick also possesses expertise in risk management, security assessments and security incident response. He develops and leads PCI and security training for new employees, ensuring everyone, regardless of position, understands payment industry security requirements and how they impact their role at Bluefin. Mr. Garrick is relied on heavily by Bluefin’s CIO and CISO for assessments, policy and procedure development/updates, as well as his strong organizational skills and ability to work across departments to drive projects to completion.


- Bluefin is a well-known service provider within the secure payments space. As Bluefin’s Director of Information Security and Compliance, Mr. Garrick’s role requires extensive knowledge in cybersecurity best practices and payments industry compliance. Bluefin’s ability to provide its products and solutions within the payments industry is directly impacted by its ability to achieve annual compliance with PCI-DSS, PCI-P2PE, HIPAA, as well as SOC. Mr. Garrick, being a former PCI Qualified Security Assessor with years of merchant and service provider assessment experience, has become integral to Bluefin achieving successful and secure deployments of its solutions and products, often coordinating and leading inter-departmental meetings, presentations and trainings.
- Bluefin has hundreds of connected partners who rely on Bluefin to provide security services. Mr. Garrick is the main point of contact for answering and completing the multitude of security questionnaires received each year from client compliance departments as well as prospective clients conducting their due diligence.
- Mr. Garrick has also led Bluefin’s security awareness program, which included webinars on sensitive PII and US/EU privacy laws, as well as refresher training on recognizing sensitive information and Bluefin-approved methods for transmission of that information. This accomplishment coincided with Bluefin's acquisition of an EU-based security payments company, TECS Payment Systems. This required the review, updating and merging of Bluefin's cyber security policies and procedures, all of which were managed by Mr. Garrick.