Information Security Compliance Manager
🤔 Who are we and why do we do what we do?
We are a data and payments company on a mission! We’re a group of developers, financial experts, and optimists who share a vision for improving the financial wellness of people, their businesses, and their communities.
We started this company with the aim of changing how the industry used and viewed data. As architects of Open Banking, Open Finance, and Open Data, we strive to be a force for good — changing the status quo of how businesses interact with people. We strive to serve the whole population through every change in their finances.
We do this by powering businesses through our APIs and Personal Finance Tech solutions as well as our own personal financial management app for consumers.
We can only do that by being an inclusive and diverse organisation. We invest in our people, and enjoy an environment focused on innovation, collaboration and openness.
💰 What do we offer?
We champion flexibility, and we trust and respect our employees to deliver results in a way that best suits them, working around their own lives and commitments.
We live and breathe a fantastic culture of remote working and you may perform your duties predominantly from your home. However, the heart of Moneyhub is in Bristol and from time to time you will be required to attend company meet-ups. Your role may require you to attend client meetings, networking events or group training sessions. You may also be required to work at such other place or places as we may reasonably require from time to time. As a minimum, you will be required to attend a quarterly All Team Away Day at a location of our choice (including overseas).
As well as a truly flexible approach, we also offer a fantastic range of benefits, including:
- Remote working - with quarterly away days, regular team meetings and face-to-face client meetings as required;
- 10% contribution towards your Pension from your very first day with us;
- 25 days of holiday (plus bank hols), rising to 30 days after two years;
- Choose to take your entitlement to UK bank holidays at other times based on your own days of significance;
- Private medical insurance, including cover for pre-existing conditions, plus dental and optical benefit;
- Six week Moneyhubber Family Pay when you become a new parent;
- Permanent health insurance and life cover - much greater than the industry standard (death in service);
- Employee assistance programme;
- Life event leave;
- Professional development support, with dedicated allowance of time and money;
- Cycle to work scheme;
- EV Salary sacrifice scheme;
- £750 towards professional memberships;
- Remote working benefits, including work from almost anywhere, access to co-working spaces and support for your home office set-up;
- High spec laptop.
Requirements
👀 Sounds great right? What will you be doing?
As an Information Security Compliance Manager, you will play a crucial role in ensuring our organisation’s compliance with information security standards and regulations. You will be at the forefront of establishing and maintaining robust security practices, focusing on ISO27001, GDPR, and data protection.
Key Responsibilities
- Information Security Management System (ISMS): Develop and embed the ISMS into our business operations, ensuring comprehensive security practices across the organisation. As part of this responsibility you will take the lead on:
  - Supplier Reviews - ensuring we have a robust (but agile) supplier management process.
  - Security and Data Privacy Impact Assessments for new products and features we develop.
  - Partner Compliance - working with the Head of Compliance to ensure we have robust regulatory client onboarding and monitoring processes.
- ISO27001 Compliance: Oversee the implementation and maintenance of ISO27001 standards. Ensure all controls, policies and evidence are up-to-date and effective, working with a team of subject matter experts across finance, internal IT, DevSecOps and technology. We're an agile software company and we use tools such as Drata and Hypercomply to manage our ISMS. You will take the lead on ensuring the organisation uses these tools effectively and productively.
- Staying current with security trends, threats, and regulations to enhance the confidentiality, integrity, and availability of data at the firm.
- Audits: Take the lead from an Information Security Management System perspective on internal and external audits (including client audits and security questionnaires from prospective customers). You will be well supported by the team, but will take a leadership role on these activities.
- Collaboration: Work closely with various teams to ensure an integrated approach to information security, reporting to the Finance Director for clear separation from IT/DevSecOps.
Essential Qualifications
- ISO27001: Proven experience with ISO27001 implementation and maintenance.
- DPIA: Demonstrated ability to conduct and manage DPIAs.
- Audit Experience: Hands-on experience leading audits in at least one organisation.
- Organisational Skills: High level of organisation and attention to detail.
- Visibility: Comfortable with a public-facing role, engaging both internally and externally on infosec matters.
Preferred Qualifications
- Tooling: Ideally you will have previously worked with Drata (or a similar system).
- Automation: General experience with automation and modern tooling to help automate evidence collection and enforcement of controls.