Security Governance, Risk & Compliance Manager

at VetPartners Limited

York YO30, England, United Kingdom

Start Date: Immediate
Expiry Date: 02 Dec, 2024
Salary: Not Specified
Posted On: 03 Sep, 2024
Experience: 3 year(s) or above
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

We are looking for a Security Governance, Risk & Compliance Manager to join the team at VetPartners. This role will be part of a brand new team.
The Security Governance, Risk & Compliance Manager is a pivotal role in developing a culture of security across a diverse group spanning the UK and Europe. With a heavy emphasis on training and awareness, it also incorporates the development of security policies and processes, risk management standards and reporting.
VetPartners was established in October 2015 by our CEO and founder Jo Malone, a qualified vet, who wanted to create a group that would help practices grow and reflect the values she holds dear, such as being respectful, working in collaboration, supporting each other and being dedicated and approachable.

What you’ll be doing:

  • Assist with the ongoing development of the governance, risk, and compliance program to align with industry best practices, regulatory requirements, and compliance with SOC2 and ISO 27001
  • Develop and maintain information security policies, procedures, standards, and guidelines
  • Manage the Privacy Program, including compliance with GDPR, CCPA/CCRA, Privacy Shield, etc.
  • Create and maintain data flow diagrams, network diagrams, and other illustrations as needed
  • Develop and deliver security awareness and training programs to educate employees on security policies, procedures, and best practices
  • Establish and support ongoing monitoring efforts to ensure compliance with internal policies, appropriate regulations, and contractual obligations
  • Support the development of Business Continuity and Disaster Recovery plans and related documents in accordance with industry standards and best practices
  • Collaborate with internal teams to perform risk assessments, identify potential threats and vulnerabilities, and support the development of risk mitigation strategies
  • Manage and maintain the risk register
  • Identify areas for process improvement within the GRC program and assist in implementing enhancements to improve effectiveness and efficiency
  • Develop an understanding of the processes related to identity and access management and ensure appropriate reviews are performed in accordance with policy
  • Stay current with industry trends, emerging threats, and best practices in information security to ensure the organization remains proactive and well-prepared against potential risks
  • Foster a culture of security awareness and accountability throughout the organization
  • Contribute to and achieve business and departmental goals and objectives.

What we need from you:

  • 3+ years’ experience in a similar role, with a strong background in IT security, information assurance or related field
  • Proficient in documentation, including policy creation and data flow diagrams
  • In-depth knowledge of security frameworks, standards, and regulations (e.g., NIST, ISO 27001, SOC2, GDPR, etc.)
  • Strong analytical and problem-solving skills, with the ability to assess complex security issues and develop effective solutions
  • Excellent communication and interpersonal skills, with the ability to effectively communicate security-related concepts to technical and non-technical audiences
  • Ability to work independently with minimal supervision
  • Ability to prioritize tasks and projects to meet deadlines
  • Professional certifications are a plus

What we can offer:

  • Competitive Salary
  • Health Shield Policy - a health cash plan that can help you budget for your everyday health needs and give discounts with supermarkets and other retailers
  • Cycle to Work Scheme
  • Career opportunities - you’ll have the support from your line manager and a range of learning & development programmes
  • A flexible working environment, with the option of working remotely
  • 25 days holiday + bank holidays
  • CPD allowance
  • Enhanced Maternity/Paternity pay
  • Buy & Sell holiday scheme

If you’re interested in joining an exciting new team, please apply now.



REQUIREMENT SUMMARY

Min: 3.0, Max: 8.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Finance

Graduate

Proficient

1

York YO30, United Kingdom