Security Governance, Risk & Compliance Lead

Tallinn

Applications have closed

Wise

160+ countries, 40 currencies, one account. Save when you send, spend and manage your money internationally.

Wise is one of the fastest growing companies in Europe and we’re on a mission: to make money without borders the new normal. We’ve got 14 million customers across the globe and we’re growing. Fast.

Current banking systems don't let us send, spend or receive money across borders easily. Or quickly. Or cheaply. 

So, we’re building a new one.

What you’ll be working on

You will be working as part of the Security Squad in our Security Program team. This team is focused on the Governance, Risk and Compliance (GRC) area of security, helping keep our systems secure for over 14 million customers.

As Wise becomes ever more integrated into financial systems around the globe, it is subject to ever greater scrutiny from regulators.  If we’re successful, we’ll eventually become one of the most heavily regulated companies in the world.  Your job will be to lead the team that oversees this program of work within the IT security space, developing new ways to scale regulatory compliance, working with other teams to create a Controls Environment that is whiter than white, and developing tooling that generates the evidence we need to prove it.

Governance

The team oversees various aspects of our security program, including engaging third parties for red team exercises and penetration testing, determining and running security training for our team, and evolving our policies to better reflect our position and our processes.

Risk

Your team runs the risk management program for IT security, covering all aspects of security risk. This includes creating a risk taxonomy and regularly reviewing our risks in the light of our latest improvements and the changing threat landscape we face.

Compliance

The team is directly responsible for coordinating yearly audits for our key international certifications (ISO27001, SOC1, SOC2 and PCI DSS) and for coordinating our response to numerous other IT security audits coming from our regulators around the world. The team helps gather evidence, and empowers our regional teams to increasingly handle these requests using the resources the team provides.

Should any findings arise, the team works closely with the responsible owners to deliver a remediation plan, to track our progress and flag delivery risks.

Your mission:

  • Build on your existing infosec knowledge to develop a broad and deep understanding of the security environment within Wise.
  • Lead a talented team of specialists, helping them grow and increase their skills, but get hands on when required to deliver for our customers.
  • Drive the roadmap in collaboration with the team, and develop a plan to enable us to deal with ever greater scrutiny from regulators around the world.
  • Iterate on our processes to better coordinate with different teams to deliver the projects we need to meet our regulators' expectations.
  • Work with other ownership areas to ensure our processes generate the data we need to show our controls are working.
  • Learn how to clearly articulate our Controls Environment to external auditors, and to train others within your team to take ownership of that process.

What does success look like?

  • First you’ll build an understanding of your team’s role within the security squad, and within the broader company’s mission: money without borders.
  • You’ll work with your team to understand what’s working and what can be improved.
  • Then develop a plan to iterate on the things that can be improved, and bring your team with you on that journey.
  • You’ll efficiently scale your team, hiring the right people and developing those you have, to meet our evolving needs, and to help them meet their career objectives.


Must haves

  • Passionate about Information Security
  • Good communication skills
  • Excellent knowledge of ISO27001, PCI DSS, SOC 2 or similar standard
  • Experience explaining complex technical systems, including process flows and system architecture.
  • Excellent knowledge and experience of Risk Management
  • Have a good knowledge of secure development and security principles in engineering
  • Self-starter with a track record of successfully working with a wide array of functional groups across an organisation, as well as working independently
  • Have excellent attention to detail
  • Are willing to travel, to work and learn with other teams
  • Be excited to work in a high-growth company
  • Be open, communicative, and fun to work with
  • Have excellent problem solving skills

Nice to haves

  • Experience with third party GRC tools
  • Relevant Information Security qualification such as CISSP, CISA, CISM
  • Willingness to work towards relevant Information Security qualifications
  • Experience with Secure Development Lifecycle
  • Data analysis skills including SQL
  • Experience with our technical stack (Java, Postgres)

What you get back:

  • 🚀 Stock options in a growing company 
  • 💪 An annual self-development budget
  • 🐶 Pet friendly offices 
  • 🏃‍♀️ Lots of fun group activities like yoga, running and boardgame nights
  • 🎉 An annual, all-expenses-paid company trip, Summer Days 
  • 🏝️ A paid 6-week sabbatical leave after four years 

Find out more about our benefits in our Tallinn office.

Interested? Find out more:

We’re people without borders — without judgement or prejudice, too. We want to work with the best people, no matter their background. So if you’re passionate about learning new things and keen to join our mission, you’ll fit right in.

Also, qualifications aren’t that important to us. If you’ve got great experience, and you’re great at articulating your thinking, we’d like to hear from you.

And because we believe that diverse teams build better products, we’d especially love to hear from you if you’re from an under-represented demographic.

Tags: Audits Banking CISA CISM CISSP Compliance Governance ISO 27001 Java PCI DSS Pentesting PostgreSQL Red team Risk management SOC SOC 1 SOC 2 SQL

Perks/benefits: Career development Equity Paid sabbatical Pet friendly Startup environment Team events Travel Yoga

Region: Europe
Country: Estonia