Information Security GRC Lead

London, England, United Kingdom

Applications have closed

Bud

At Bud, we're experts in open banking transactional data. Find out how we help clients to transform complicated financial data into rich customer insight.

Our Mission🚀

Bud's mission is simple. We're here to create the world’s most compelling financial data products. The products we're building are used by some of the world's most prestigious institutions to help millions of their customers take control of their finances.

Your Mission👨‍🚀👩‍🚀

We’re looking for someone to work with our team to help further mature our approach to Governance, Risk and Compliance as it relates to Information Security. At Bud, we don’t view compliance as an obstacle to business but as a guide to approaching things in a way that best protects consumers, and as a valuable asset which can be used to commercial advantage in our industry. Our approach to security, and some novel techniques we have adopted in particular, are core to what we do at Bud and a common reason why our clients choose us.

You’ll be the main individual handling GRC in the area of Information Security, including maintaining current standards, looking at how we can further mature our processes, policies, controls and frameworks, and working to implement improvements in this area. In particular, this includes ensuring that we meet both required standards and regulations and client & consumer expectations. You’ll also work with teams across the business, as they will turn to you for guidance and assistance related to information security in areas such as due diligence, not only to ensure we are compliant with regulations, but also to foster a culture of acting in a way that protects consumers and our clients using rigorous thinking and careful controls.

What impact will you make

  • Managing Bud’s Information Security GRC framework day-to-day
  • Ensuring Bud is fully compliant with ISO 27001 through identifying areas for improvement and working to execute such improvements
  • Understanding the technical requirements on Bud relating to either accreditations, regulations, or contractual requirements by our clients in relation to information security and ensuring Bud is maintaining effective controls and policies to meet these requirements
  • Using your technology risk management knowledge to support teams in developing new processes, controls and features by embedding good regulatory and risk practices
  • Organise and lead company training sessions related to Information Security
  • Assist our front-line compliance team on information security elements of external due diligence where required such as due diligence performed on Bud by prospective or current clients, or due diligence performed by Bud on its agents or suppliers
  • Providing expertise in the conducting of risk assessments and root cause analyses on operational incidents on an ongoing basis in order to strengthen Bud’s risk and controls frameworks
  • Work closely with Bud’s legal, risk, compliance and data teams to contribute to a coordinated approach to data security business-wide

A bit about you

  • Experience implementing and managing a programme of compliance with ISO 27001
  • Experience in Information Security, either from an engineering or risk & compliance perspective
  • Look for ways to automate controls, compliance management and overarching management of an ISMS
  • Strong understanding of UK/EU Data Protection legislation, in particular GDPR
  • You have a good understanding of the three lines of defence model
  • Have a balanced approach to risk & compliance solutions that weighs and balances regulatory, risk, compliance and commercial considerations
  • You are hands-on, collaborative and excel in execution
  • Process-driven and are effective at project management
  • You are focused on delivering end-value and impact
  • Strong communication skills and able to present objectives, strategies, concerns and impact assessments clearly to individuals in all departments and levels of the business including senior management
  • Ability to take ownership and proactively lead workstreams and tasks with limited supervision

The role is a hybrid role where you may work from Bud’s office or remotely as often as you wish; however, attendance approximately once per month in our London office would be expected.

Taking it to the next level

These aren’t requirements, but are definitely a plus for any candidate!

  • Worked in banking or fintech before
  • You have a software engineering or security engineering background
  • Experience working with technology and/or cyber risk
  • Worked in an environment with SOC 2 and/or PCI DSS accreditation
  • You have experience working in a SaaS company or where your technical platform is your main product
  • Experience working in a company where their platform is based in the Cloud (Google Cloud Platform/AWS)

A bit more about us

We’re a diverse group of people. With backgrounds ranging from data science to music production, more than 80% of our team come from outside the world of finance – providing us with a unique perspective as we help consumers feel more in control of their lives. For us, an interest in people comes first; finance follows.

We believe that diversity will make us better.

Bud’s mission is to make the money part of people’s lives simple. To get there, we need a workforce that is as diverse as the people we create our products for. That means we need people who have different backgrounds and experiences, who are diverse in age, gender identity, race, sexual orientation, physical or mental ability, ethnicity, and ways of thinking. We truly believe that these differences will make us grow as a company and a team. We strive to create a workplace and culture where our people are empowered, supported, given equal opportunities and can bring their authentic selves to work.

Benefits

Compensation 💰

We offer competitive salaries in line with industry benchmarks, set using extensive market data. We review salaries on an annual basis to make sure we continue to reward people well for their contributions at Bud. We have benchmarked this role between £70,000-£80,000.

Career Progression 📈

We all know how important it is to make sure we’re all growing in our roles. We have a detailed career progression framework to help you track your development and growth during your time at Bud, and your level within this framework will be formally reviewed every six months.

Wellbeing 🏋️‍♀️🧘‍♂️

We understand how important it is to look after your physical and mental health, and also that this looks different for everyone. To support this, we offer a range of wellbeing benefits for our team. We have private medical insurance as well as a £50 monthly flexible wellbeing allowance. We also partner with the mental health platform, Spill, who provide therapy services and support.

Learning & Development 📚

As part of our commitment to developing our people, all employees at Bud have an annual £1000 pot available to use towards their learning and development - think books, courses & events - the choice is yours.

We also have quarterly R&D days, giving you the opportunity to take a break for 2 days from live projects and work on something that’s inspired you, either independently or as part of a collaborative team.

Flexible Working ⏳

As a trusted member of Bud, you’ll have the freedom and flexibility to manage your time and routine in a way that suits you, and your team, allowing you to deliver your best work. All of our roles can be based in our London office, or fully remote/distributed in the UK.

Time Off 🏖️

We’re a team that likes to work hard, so we need to make sure we balance this with time to rest and relax. We offer 25 days holiday, plus the usual bank holidays, plus additional time off over the holiday season.

We also give everyone two days of paid volunteering leave per year, to spend time on projects and initiatives that matter to you.

Pension 🏦

We believe in helping our staff save for retirement, with Bud matching pension contributions up to 5%.

Equipment 💻

We’ll get you all set up to work effectively and comfortably from Day 1 with an Apple laptop and any additional equipment you might need to work remotely.

Social 💃🕺

We’re big on keeping Bud a social place to work, with big quarterly events (we throw an epic summer party) and regular team socials.

Commuting 🚇

We are big advocates of sustainable transport and travel, and are members of a cycle to work scheme. We also have season ticket loans available.

Tags: AWS Banking Cloud Compliance Finance FinTech GCP GDPR Governance ISMS ISO 27001 PCI DSS R&D Risk assessment Risk management SaaS SOC SOC 2

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Gear Health care Home office stipend Medical leave Team events Wellness

Regions: Remote/Anywhere Europe
Country: United Kingdom
Category: Leadership Jobs