Information Security Compliance Manager

at Moneyhub

Remote, Scotland, United Kingdom

Start Date: Immediate
Expiry Date: 02 Dec, 2024
Salary: Not Specified
Posted On: 04 Sep, 2024
Experience: N/A
Skills: Automation, Evidence Collection, Maintenance
Telecommute: No
Sponsor Visa: No

Description:

WHO ARE WE AND WHY DO WE DO WHAT WE DO?

We are a data and payments company on a mission! We’re a group of developers, financial experts, and optimists who share a vision for improving the financial wellness of people, their businesses, and their communities.
We started this company with the aim of changing how the industry used and viewed data. As architects of Open Banking, Open Finance, and Open Data, we strive to be a force for good — changing the status quo of how businesses interact with people. We strive to serve the whole population through every change in their finances.
We do this by powering businesses through our APIs and Personal Finance Tech solutions as well as our own personal financial management app for consumers.
We can only do that by being an inclusive and diverse organisation. We invest in our people, and enjoy an environment focused on innovation, collaboration and openness.

ESSENTIAL QUALIFICATIONS

  • ISO27001: Proven experience with ISO27001 implementation and maintenance.
  • DPIA: Demonstrated ability to conduct and manage DPIAs.
  • Audit Experience: Hands-on experience leading audits in at least one organisation.
  • Organisational Skills: High level of organisation and attention to detail.
  • Visibility: Comfortable with a public-facing role, engaging both internally and externally on infosec matters.

PREFERRED QUALIFICATIONS

  • Ideally you will have previously worked with Drata (or a similar system).
  • Automation: General experience with automation and modern tooling to help automate evidence collection and enforcement of controls.

Responsibilities:

SOUNDS GREAT RIGHT? WHAT WILL YOU BE DOING?

As an Information Security Compliance Manager, you will play a crucial role in ensuring our organisation’s compliance with information security standards and regulations. You will be at the forefront of establishing and maintaining robust security practices, focusing on ISO27001, GDPR, and data protection.

KEY RESPONSIBILITIES

  • Information Security Management System (ISMS): Develop and embed the ISMS into our business operations, ensuring comprehensive security practices across the organisation. As part of this responsibility you will take the lead on:
      • Supplier Reviews - ensuring we have a robust (but agile) supplier management process
      • Security and Data Privacy Impact Assessments for new products and features we develop
      • Partner Compliance - working with the Head of Compliance to ensure we have robust regulatory client onboarding and monitoring processes.
  • ISO27001 Compliance: Oversee the implementation and maintenance of ISO27001 standards. Ensure all controls, policies and evidence are up-to-date and effective, working with a team of subject matter experts across finance, internal IT, DevSecOps and technology. We’re an agile software company and we use tools such as Drata and Hypercomply to manage our ISMS. You will take the lead on ensuring the organisation uses these tools effectively and productively.
  • Staying current with security trends, threats, and regulations to enhance the confidentiality, integrity, and availability of data at the firm.
  • Audits: Take the lead from an Information Security Management System perspective on internal and external audits (including client audits and security questionnaires from prospective customers). You will be well supported by the team, but will take a leadership role on these activities.
  • Collaboration: Work closely with various teams to ensure an integrated approach to information security, reporting to the Finance Director for clear separation from IT/DevSecOps.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Financial Services

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

Remote, United Kingdom