Security Governance Risk & Compliance Manager

London, England, United Kingdom

Applications have closed

albelli-Photobox Group

Make stories from your photos. Print photos online or create personalised gifts with Photobox, the photo specialists. Photo Books, Prints, Canvases, more.


About us

albelli and Photobox Group have merged to create a leading player in the online European Photo Product and Gifting market. Together we now serve a pan-European customer base of over 7 million customers, supported by our 1,150 colleagues across the United Kingdom, the Netherlands, France, Spain, Germany, Norway and Sweden. We are focussed on inspiring our customers to easily make beautiful photo products and bring their special moments to life.

What you’ll be responsible for as a Security Governance, Risk & Compliance Manager at albelli-Photobox Group

In your role we expect you to have a holistic view of the organisation and be able to identify our risks and drive initiatives to mitigate or resolve them. In a world where risks and compliance regulations are increasing, we ask you to create visibility and define the actions needed to protect our organisation. You will ensure senior stakeholders, including the Board and Executive team, are kept up-to-date regarding our risks, maturity levels and mitigation actions.

As part of the security team you will work with the team to implement and adapt processes and capabilities to ensure business continuity.

You will be mainly working in the following areas:

  • Governance
  • Risk management
  • Manage compliance and maturity level
  • Organisation and 3rd party risk assessments
  • Business continuity plans
  • Policies and processes

The impact you’ll make

Technology is at the core of the albelli-Photobox Group and technology powers our commercial and production operations across Europe. Our technology platforms enable our customers to transform photographs into the most thoughtful gifts. We understand these aren’t just photos, they’re treasured moments.

That’s why every part of the experience, from website to factory to front door, is designed to delight. To secure these treasured moments, albelli-Photobox Group is now seeking to appoint a GRC Manager. For this role we’re looking for a security leader who has excellent stakeholder management, with responsibilities across the albelli-Photobox Group of operating companies in the UK, Netherlands, Norway, France, Spain & Germany.

Responsibilities:

  • Define and implement a Risk Management program
  • Drive third party risk management
  • Implement appropriate security governance & controls for technology & business initiatives
  • Work with the leadership team and Board regarding operational risks and / or compliance issues
  • Implement an Information Security Maturity Model based on NIST.
  • Lead ongoing security & compliance initiatives, including ISO27001, PCI and GDPR.
  • Establish and monitor information security standards
  • Establish, maintain and educate on the organisation’s security policies
  • Proactively engage with product & software engineering teams to ensure that we monitor and mitigate risks and remain compliant in the development of new products and capabilities.
  • Build employee security engagement, education and awareness through formal and informal initiatives.
  • Conduct and guide internal and external risk assessments
  • Conduct and guide internal and external audits
  • Create and maintain a business continuity plan and drive initiatives across the organisation to ensure compliance.

Requirements

Who are you?

  • You’ll have experience in a similar security role in a large consumer focussed business
  • You’ll enjoy building relationships with key stakeholders and be an inspiring leader
  • You know how to formulate and present the current and future security maturity of the organisation to its senior leaders.
  • You’ll be comfortable explaining security threats and risks, and the appropriate mitigation techniques and strategies, to a broad audience including board members.
  • You know how to drive change throughout a large organisation

Need to Have Experience:

  • You’re a seasoned GRC professional in a Security setting
  • Strong understanding of ISO27001, PCI & GDPR and the business and technology changes required to achieve & maintain compliance
  • You use statistical, mathematical or financial techniques to assess the likelihood and impact of cyber-attack techniques, internal and external
  • You have experience in creating a common set of security policies for the organisation
  • You have experience in setting up and managing a risk management framework
  • You will have experience with products & services hosted in public cloud platforms such as AWS
  • You have performed internal and external risk analysis
  • You can interpret legal and regulatory requirements and integrate them with an organisation’s operations
  • Exceptional written and oral English communication skills required

Nice to Have Experience:

  • Systems Auditor (CISA) or other similar credentials are desired

Benefits

  • Annual Performance bonus (Discretionary)
  • 25 days of holiday a year (excluding public holidays) increasing by 1 day each year up to 30 days after 5 years continuous service
  • 8 weeks out of the year to work remotely abroad
  • Healthcare, dental and life assurance
  • Money Purchase Pension scheme with employer/employee contributions
  • Season ticket loans
  • Cycle to work scheme
  • Credits to spend each year on company products
  • Mental health and wellbeing support available 24/7
  • Referral bonus when you bring your friends to join the team

Equal opportunities statement

We are committed to promoting equal opportunities in employment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation.

If you have a disability or special need that requires reasonable adjustments in order for you to perform at your peak during the interview, please let our HR team know ahead of time so that they can assist. We will consider the matter carefully and try to accommodate your needs within reason. If we consider a particular adjustment would not be reasonable we will explain our reasons and try to find an alternative solution where possible.

Sponsorship

We aren't able to offer sponsorship for this role, so please only apply if you have the RTW in the Netherlands.
