Senior Security & GRC Lead

London, England, United Kingdom

GoHenry

GoHenry's debit card and app let kids ages 6-18 learn practical money management skills that they can go out and apply in the real world.

GoHenry is a UK-based fintech company created by parents to pioneer financial education. More recently, GoHenry moved into Europe and the US by joining forces with French fintech company PixPay and US investing app, Acorns. 

Together, Acorns, PixPay, and GoHenry have over 6 million members across 5 countries. GoHenry offers a debit card and app for kids and teens and companion apps for the family, with in-app tools for sending money, automating allowance, managing chores, setting savings goals, giving to charity, and in-app financial education lessons where kids can watch videos, take quizzes and earn points & badges. This is all designed to help kids and teens build good money habits that will last a lifetime.

The Role 

We are looking for a Senior Security GRC Lead from a technical background to provide governance and risk support in the context of a FinTech, and who can take on some technical tasks when the need arises. The role will involve collaborating with fellow team members within a combined IT/Security and Compliance team, with our own GoHenry Business Risk & Compliance team, external auditors/assessors, and other stakeholders in order to maintain an appropriate compliance posture.

2024 is an exciting time and will include major PCI-DSS v4, SOC 2 Type 1, SOX, and NIS2/DORA compliance programs. In addition, BAU activities within your remit are likely to include conducting our internal DD vendor assessment, responding to supplier/partner assessments, and statutory audits.

Responsibilities

  • Collating Cybersecurity risks and risk register management.
  • Manage and attain our SOC 2 certification and manage these audits going forward.
  • Manage / support PCI-DSS compliance and audits.
  • 3rd party risk assessment and continued 3rd party risk management from a cyber security perspective.
  • Completing incoming 3rd party risk questionnaires.
  • Promote widespread implementation of ISO 2700/NIST CSF/PCI standards.
  • Maintain and monitor a central ISMS as part of our governance framework. 
  • Working together with other stakeholders to link IT, our internal risk & compliance team, and privacy departments.
  • Review and refresh security standards, policies, and gain management sign-off on an annual basis to make sure they meet corporate demands.
  • Assist the department in responding to inquiries from the business units about ongoing operational compliance.

Requirements

  • 8+ years of direct experience in information security, mainly within Banking or Payments.
  • 3+ years of expertise conducting ISO 27001, PCI, GDPR, and SOC 2 audits, as well as handling audit responses.
  • Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO 27001, SOC 2, NIST, PCI DSS, FCA/PRA).
  • CISSP/CISM or similar would be a plus.

Benefits

  • Flexible working
  • BUPA Private Medical
  • 25 days annual leave, plus public holidays
  • An additional day off on the week of your birthday
  • Flexible public holidays
  • Family friendly leave policies
  • Death In Service Benefit - 4x your annual salary
  • Mental Health Platform - OpenUp
  • Nursery/ Childcare Benefits
  • Cycle to work scheme
  • Gym Discounts
  • Training budget.

We're proud to say...

  • We ranked #38 in Newsweek's Top 100 Most Loved Workplaces in the UK in 2023 
  • We’re one of Tech Track’s top 50 fastest-growing UK companies. 
  • We won Finders Kid’s Cards Customer Satisfaction Awards in 2022 and 2023. 
  • We won the Tech for Good award at the Better Society Awards 2023 
  • Our kids and parents have donated over £500,000 of their own money to NSPCC via their GoHenry accounts

GoHenry is an equal-opportunity employer, and we’re on a mission to foster a diverse & inclusive workplace. Individuals seeking employment at GoHenry are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law. 

Want to join our mission? 

If GoHenry sounds like a place you’d like to be, please apply using the link below.

Tags: Audits Banking CISM CISSP Compliance FinTech GDPR Governance ISMS ISO 27001 NIS2 NIST PCI DSS Privacy Risk assessment Risk management SOC SOC 2 SOX

Perks/benefits: Career development Flex hours Flex vacation Health care Medical leave

Region: Europe
Country: United Kingdom