Security Governance Risk & Compliance Manager
London, England, United Kingdom
albelli-Photobox Group
Make stories from your photos. Print photos online or create personalised gifts with Photobox, the photo specialists. Photo Books, Prints, Canvases, more.
About us
albelli and Photobox Group have merged to create a leading player in the online European Photo Product and Gifting market. Together we now serve a pan-European customer base of over 7 million customers, supported by our 1,150 colleagues across the United Kingdom, the Netherlands, France, Spain, Germany, Norway and Sweden. We are focussed on inspiring our customers to easily make beautiful photo products and bring their special moments to life.
What you’ll be responsible for as a Security Governance, Risk & Compliance Manager at albelli-Photobox Group
In your role we expect you to have a holistic view of the organisation and be able to identify our risks and drive initiatives to mitigate or resolve them. In a world where risks and compliance regulations are increasing, we ask you to create visibility and define the actions needed to protect our organisation. You will ensure senior stakeholders, including the Board and Executive team, are kept up to date regarding our risks, maturity levels and mitigation actions.
As part of the security team you will work with the team to implement and adapt processes and capabilities to ensure business continuity.
You will be mainly working in the following areas:
- Governance
- Risk management
- Manage compliance and maturity level
- Organisation and 3rd party risk assessments
- Business continuity plans
- Policies and processes
The impact you’ll make
Technology is at the core of the albelli-Photobox Group and technology powers our commercial and production operations across Europe. Our technology platforms enable our customers to transform photographs into the most thoughtful gifts. We understand these aren’t just photos, they’re treasured moments.
That’s why every part of the experience, from website to factory to front door, is designed to delight. To secure these treasured moments, albelli-Photobox Group is now seeking to appoint a GRC Manager. For this role we’re looking for a security leader who has excellent stakeholder management, with responsibilities across the albelli-Photobox Group of operating companies in the UK, Netherlands, Norway, France, Spain & Germany.
Responsibilities:
- Define and implement a Risk Management program
- Drive third party risk management
- Implement appropriate security governance & controls for technology & business initiatives
- Work with the leadership team and Board regarding operational risks and / or compliance issues
- Implement an Information Security Maturity Model based on NIST.
- Lead ongoing security & compliance initiatives, including ISO27001, PCI and GDPR.
- Establish and monitor information security standards
- Establish, maintain and educate on the organisation's security policies
- Proactively engage with product & software engineering teams to ensure that we monitor and mitigate risks and remain compliant in the development of new products and capabilities.
- Build employee security engagement, education and awareness through formal and informal initiatives.
- Conduct and guide internal and external risk assessments
- Conduct and guide internal and external audits
- Create and maintain a business continuity plan and drive initiatives across the organisation to ensure compliance.
Requirements
Who are you?
- You’ll have experience in a similar security role in a large consumer focussed business
- You’ll enjoy building relationships with key stakeholders and be an inspiring leader
- You know how to formulate and present the current/future security maturity of the organisation to senior leaders within the organisation.
- You’ll be comfortable explaining security threats and risks, and the appropriate mitigation techniques and strategies, to a broad audience including board members.
- You know how to drive change throughout a large organisation
Need to Have Experience:
- You’re a seasoned GRC professional in a Security setting
- Strong understanding of ISO27001, PCI & GDPR and the business and technology changes required to achieve & maintain compliance
- You use statistical, mathematical or financial techniques to assess the likelihood and impact of cyber-attack techniques, internal and external
- You have experience in creating a common set of security policies for the organisation
- You have experience in setting up and managing a risk management framework
- You will have experience with products & services hosted in public cloud platforms such as AWS
- You have performed internal and external risk analysis
- You can interpret legal and regulatory requirements and integrate them with an organisation’s operations
- Exceptional written and oral English communication skills required
Nice to Have Experience:
- Systems Auditor (CISA), or other similar credentials, is desired
Benefits
- Annual Performance bonus (Discretionary)
- 25 days of holiday a year (excluding public holidays) increasing by 1 day each year up to 30 days after 5 years continuous service
- 8 weeks out of the year to work remotely abroad
- Healthcare, dental and life assurance
- Money Purchase Pension scheme with employer/employee contributions
- Season ticket loans
- Cycle to work scheme
- Credits to spend each year on company products
- Mental health and wellbeing support available 24/7
- Referral bonus when you bring your friends to join the team
Equal opportunities statement
We are committed to promoting equal opportunities in employment regardless of age, disability, gender reassignment, marital or civil partner status, pregnancy or maternity, race, colour, nationality, ethnic or national origin, religion or belief, sex or sexual orientation.
If you have a disability or special need that requires reasonable adjustments in order for you to perform at your peak during the interview, please let our HR team know ahead of time so that they can assist. We will consider the matter carefully and try to accommodate your needs within reason. If we consider a particular adjustment would not be reasonable we will explain our reasons and try to find an alternative solution where possible.
Sponsorship
We aren't able to offer sponsorship for this role, so please only apply if you have the RTW in the Netherlands.
Tags: Audits AWS CISA Cloud Compliance GDPR Governance ISO 27001 NIST Risk analysis Risk assessment Risk management
Perks/benefits: Career development Health care Salary bonus