Security Governance, Risk and Compliance Manager

The Security Manager, Governance, Risk and Compliance will build and operationalise our framework which will blend NIST CSF. ISO 27000 and SOC2 through build and ensure that security requirements and controls deliver security capability for product launch and continual operation.

This role blends some technically focused work but is expected to be mostly project management and working with our development teams, product owners, organisation, architects and management to make sure that meets its security objectives on time.

You will manage the security framework and controls at a technical and administrative level to achieve our security objectives and our certification objectives of ISO27001 and SOC2. You will track delivery to our objectives and ensure these are achievable and delivered on time. This is a highly collaborative role, where you will be expected to understand and communicate the details, phasing of work and track delivery of the security framework and security objectives. You will need to operate at several different levels: working with developers, architects, engineers, and other project managers on a range of tasks such as writing and operationalising policies standard and procedures, assessing controls, gathering evidence or using KPIS that demonstrate the framework is effective and being run appropriately.

Essential experience

• A strong sense of ownership. Our teams create high-quality work on quick timelines. Owning a problem doesn’t scare you, but rather empowers you to take 100% responsibility for achieving our mission
• Track record of implementing security standards or frameworks including at least three of the following: ISO 27001, EBA ICT and Security Guidelines, SOC 2, GDPR, NIST CSF, NIST 800-53, PCI
• Experience reporting security GRC posture to senior stakeholders
• Ability to navigate ambiguity and are energised by bringing order to lots of moving parts,
• Experienced in security or technology governance, risk, or compliance with experience of both leading and executing on the implementation of a framework.
• Experience of managing and escalating issues and risks as they develop in clear and understandable ways to senior stakeholders.
• Holder of recognised, current security certificate (e.g. CISSP/CISM)
• Experience working in regulated environments/banking or a FinTech
• Demonstrable experience with security technologies and architectures
• Comfortable communicating across all levels of an organisation.
• Excellent command of spoken and written English.
• Demonstrable experience working in complex cloud native environments
• Good understanding of data architecture(s), web security, zero trust models and low latency applications
• Education at degree level but we will consider relevant experience instead.