Security Governance Engineer (GRC)

Full-time
Luxembourg
Salary: Not specified
No remote work

MANGOPAY

Job description

Summary

As a senior GRC professional, you will take ownership of complex security governance activities, applying your deep understanding of information security, risk management, and regulatory compliance to support and enhance our organisation’s security posture. You will lead efforts to maintain and mature our security framework, collaborate on designing effective processes and controls, and ensure alignment with internal policies and external regulatory expectations. Beyond execution, you will drive continuous improvement and act as a key point of contact for audits and risk assessments.

Responsibilities

  • Maintain and enhance the organisation’s security framework, including policies, guidelines, standards, and procedures.
  • Design and support the implementation of security processes and controls aligned with internal frameworks and regulatory requirements.
  • Conduct security assessments and vendor due diligence for third-party risk management.
  • Act as lead contact for audits, ensuring effective preparation, documentation, and issue resolution.
  • Perform risk assessments and ensure the security risk register is accurate, up-to-date, and actionable.
  • Stay up to date with relevant regulations (e.g., DORA, EBA guidelines, UK/EU compliance requirements), and translate them into applicable controls and internal processes.
  • Support the organisation’s PCI-DSS certification efforts and maintain a strong understanding of its evolving requirements.
  • Advise internal stakeholders on compliance best practices and security control design.

Qualifications

  • 5–7 years of relevant experience.
  • Master's degree or equivalent in Security or Technology; advanced certifications or a master's degree preferred.
  • Professional certifications preferred: CISA, ISO/IEC 27001 (Auditor or Implementer), AWS Security Speciality, or equivalent.
  • In-depth knowledge of EU/UK regulatory environments, including DORA, EBA guidelines, and equivalent local implementations.
  • Strong working knowledge of PCI-DSS, security audits, and compliance frameworks.
  • Proficiency in English required; additional language(s) considered an asset.
  • Significant expertise and track record of success in similar environments.

Additional information

Interview process:

  1. HR Call
  2. Interview with Head of Security
  3. Interview with Application Security Engineer