Security Governance, Risk & Compliance Lead
Tallinn
Wise
160+ countries, 40 currencies, one account. Save when you send, spend and manage your money internationally. Wise is one of the fastest growing companies in Europe and we’re on a mission: to make money without borders the new normal. We’ve got 14 million customers across the globe and we’re growing. Fast.
Current banking systems don't let us send, spend or receive money across borders easily. Or quickly. Or cheaply.
So, we’re building a new one.
What you’ll be working on
You will be working as part of the Security Squad in our Security Program team. This team is focused on the Governance, Risk and Compliance (GRC) area of security, helping keep our systems secure for over 14 million customers.
As Wise becomes ever more integrated into financial systems around the globe, it is subject to ever greater scrutiny from regulators. If we’re successful, we’ll eventually become one of the most heavily regulated companies in the world. Your job will be to lead the team that oversees this program of work within the IT security space, developing new ways to scale regulatory compliance, working with other teams to create a Controls Environment that is whiter than white, and developing tooling that generates the evidence we need to prove it.
Governance
The team oversees various aspects of our security program, including engaging third parties for red team exercises and penetration testing, determining and running security training for our team, and evolving our policies to better reflect our position and our processes.
Risk
Your team runs the risk management program for IT security, covering all aspects of security risk. This includes creating a risk taxonomy and regularly reviewing our risks in the light of our latest improvements and the changing threat landscape we face.
Compliance
The team is directly responsible for coordinating yearly audits for our key international certifications (ISO27001, SOC1, SOC2 and PCI DSS) and for coordinating our response to numerous other IT security audits coming from our regulators around the world. The team helps gather evidence, and empowers our regional teams to increasingly handle these requests using the resources the team provides.
Should any findings arise, the team works closely with the responsible owners to deliver a remediation plan, to track our progress and flag delivery risks.
Your mission:
- Build on your existing infosec knowledge to develop a broad and deep understanding of the security environment at Wise.
- Lead a talented team of specialists, helping them grow and increase their skills, but get hands-on when required to deliver for our customers.
- Drive the roadmap in collaboration with the team, and develop a plan to enable us to deal with ever greater scrutiny from regulators around the world.
- Iterate on our processes to better coordinate with different teams to deliver the projects we need to meet our regulators' expectations.
- Work with other ownership areas to ensure our processes generate the data we need to show our controls are working.
- Learn how to clearly articulate our Controls Environment to external auditors, and to train others within your team to take ownership of that process.
What does success look like?
- First you’ll build an understanding of your team’s role within the security squad, and within the broader company’s mission: money without borders.
- You’ll work with your team to understand what’s working and what can be improved.
- Then develop a plan to iterate on the things that can be improved, and bring your team with you on that journey.
- You’ll efficiently scale your team, hiring the right people and developing those you have, to meet our evolving needs, and to help them meet their career objectives.
Must haves
- Passionate about Information Security
- Good communication skills
- Excellent knowledge of ISO27001, PCI DSS, SOC 2 or similar standard
- Experience explaining complex technical systems, including process flows and system architecture.
- Excellent knowledge and experience of Risk Management
- Have a good knowledge of secure development and security principles in engineering
- Self-starter with a track record of successfully working with a wide array of functional groups across an organisation, as well as working independently
- Have excellent attention to detail
- Are willing to travel, to work and learn with other teams
- Be excited to work in a high-growth company
- Be open, communicative, and fun to work with
- Have excellent problem solving skills
Nice to haves
- Experience with third party GRC tools
- Relevant Information Security qualification such as CISSP, CISA, CISM
- Willingness to work towards relevant Information Security qualifications
- Experience with Secure Development Lifecycle
- Data analysis skills including SQL
- Experience with our technical stack (Java, Postgres)
What you get back:
- 🚀 Stock options in a growing company
- 💪 An annual self-development budget
- 🐶 Pet friendly offices
- 🏃‍♀️ Lots of fun group activities like yoga, running and boardgame nights
- 🎉 An annual, all-expenses-paid company trip, Summer Days
- 🏝️ A paid 6-week sabbatical leave after four years
Find out more about our benefits in our Tallinn office.
Interested? Find out more:
We’re people without borders — without judgement or prejudice, too. We want to work with the best people, no matter their background. So if you’re passionate about learning new things and keen to join our mission, you’ll fit right in.
Also, qualifications aren’t that important to us. If you’ve got great experience, and you’re great at articulating your thinking, we’d like to hear from you.
And because we believe that diverse teams build better products, we’d especially love to hear from you if you’re from an under-represented demographic.
Tags: Audits Banking CISA CISM CISSP Compliance Governance ISO 27001 Java PCI DSS Pentesting PostgreSQL Red team Risk management SOC SOC 1 SOC 2 SQL
Perks/benefits: Career development Equity Paid sabbatical Pet friendly Startup environment Team events Travel Yoga