Grc Specialist - London, United Kingdom - TrueLayer

TrueLayer

Verified Company

London, United Kingdom

3 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Who we are:

At TrueLayer, we're creating a payments network that better connects banks, businesses and everybody. And we're going big. We're taking on cards with a payment method that's actually designed for the online, on-demand world we live in.

Removing friction from the most crucial part of commerce:
the payment.

To date, we've raised $270 million from world-renowned investors including Stripe, Tiger Global, Addition and Tencent. We've got offices in London, Milan and Dublin. And we're trusted by industry leaders like Revolut, Coinbase and Nutmegthough we're not stopping here.

We're on a mission to change the way the world pays, invests, shops and saves. To transform how people approach payments. To build a brand that redefines an entire industry — and we'd like your help to get us there. So what do you say?

Description:

Security is a core pillar across all of TrueLayer's products.

Building, maintaining and monitoring our security infrastructure, as well as championing best security practices across the business, they empower both their colleagues and our clients and ensure the availability, stability and security of our platform.

The GRC function within the Security team supports compliance required for customers to be onboarded and drive revenue and therefore needs to grow to support the business growth.

We're looking for a GRC Specialist to join our existing team to shape and mature our Security GRC function and embed scalable processes.

As part of an ambitious team, you'll be given hands-on exposure to the latest technologies and practices and entrusted with crucial responsibilities and decisions, playing a key part in securing our products as we continue to grow.

As our GRC Specialist, you will:

Be responsible for supporting the Security GRC Lead to ensure the effective day to day management of tasks and processes related to information security governance, risk and compliance.
Contributing to audit and attestation activities.
Supporting the management of the security risk register and related risk treatment plans which could involve designing compensating control and conducting exception reviews.
Supporting the development of the internal controls framework, linking information security risks to controls.
Support with a triage of all security GRC related queries from the business and escalate the GRC lead as necessary.
Completion of Security Due diligence requests.
Supplier Due diligence reviews.

Audit

There are several audits that happen throughout the year that are managed by the GRC and require time throughout the year to embed and monitor controls for 'audit readiness' and to maintain security practices.
These include but are not limited to:

SOC 2 Type

ISO 2700
Cyber Essentials
Cyber Essentials

Plus

ISO Internal Audit
Regulatory reporting input
Supplier Due Diligence
Customer Due Diligence

Requirements:

What we expect from you:

Previous experience in a GRC role or similar capacity, preferably within the technology or financial services industry.
Demonstrated knowledge of information security governance, risk management, and compliance frameworks (e.g., ISO 27001, SOC 2, Cyber Essentials).
Experience in conducting audits and attestation activities, including familiarity with audit processes and methodologies.
Strong analytical skills with the ability to assess risks and develop effective risk mitigation strategies.
Excellent communication skills, both verbal and written, with the ability to interact effectively with stakeholders at all levels.
Detailoriented with a focus on accuracy and precision in documentation and reporting.
Proficiency in project management, including the ability to prioritize tasks and manage multiple projects concurrently.
Familiarity with regulatory requirements relevant to the financial services industry (e.g., GDPR, PSD2) is desirable.
Ability to collaborate effectively within a team environment and contribute to a positive and inclusive workplace culture.
Willingness to learn and adapt to new technologies, processes, and industry developments.

Nice to haves:

Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field.
Understanding of NIST
A relevant certification (e.g., CISA, CISSP, CRISC) is a plus.

Don't meet all the requirements?

Benefits:

What you can expect from us:
Meaningful equity in the company

Flexible hours and hybrid working — work from home 3 days a week and our incredible offices 2 days a week in London Milan and Dublin Need to collect the kids from childcare? Love a workout in the gym first thing? No worries, we trust you to do your best work within our hybrid framework A one-off remote-working budget to help you set up your home office 24 days holiday as standard with flexible bank holidays, so you can take those days whenever you like 12 fully-paid wellbeing days a year and