Security GRC Lead
London, England, United Kingdom
Applications have closed
Skimlinks, a Connexity company, is a global e-commerce monetization platform, with offices in LA, London, Germany, and NYC. We work with over 60,000 premium publishers (Condé Nast, Hearst Magazines, Buzzfeed…) and 50,000 retailers around the world (Nordstrom, Anthropologie, Saks, Urban Outfitters, Coach, Lululemon...), helping content producers get paid commissions for the products and brands they write about. This gives us a direct view of the browsing and shopping behaviours of over 650 million users. Our technology understands the web pages users visit, the brands and products they look at, the links they click on, and the purchases they make, across our entire network. We track over $2.5m affiliated sales every day and have the expertise and the tools to power all commerce strategies on every channel development of new Merchant / Advertiser client relationships. Connexity has recently been acquired by Taboola to make the first Open-Web Source for Publishers connecting editorial content to product recommendations, where readers can easily buy products related to stories they are reading. Over the last 2 years with our parent company, Taboola, we've gone from being a privately held company to a public company, and as such we are scaling the scope of our compliance activities. As Security GRC Lead, you will help take us from walking to running in this new stage of GRC maturity.
Responsibilities Include:
* Lead the operationalisation of security compliance programs to support various compliance regulations.
* Establish and manage Connexity's Governance, Risk Management & Compliance (GRC) operating model and workflow.
* Perform security review on all Connexity and Skimlinks vendors with access to Connexity's information.
* Manage yearly security certification, SOX certification, ISO 27001 certification, and other GRC certification activities.
* Manage and coordinate risk assessments and penetration tests in the company.
* Establish and maintain security metrics and reporting.
* Respond to customer security/compliance questionnaires.
* Contribute to security and compliance policy definition and refinement.
* Work with IT, Engineering and compliance professionals across the organisation to ensure that policy adherence is maintained.
Requirements
* Candidate must have 5+ years working in governance, risk and compliance and/or information security and risk management.
* Functional knowledge of applicable security and privacy regulatory requirements (SOX, GDPR).
* Functional knowledge of ISMS governance models (i.e. ISO 27001, NIST), information security roles, security controls.
* Functional knowledge of common security certifications (i.e. ISO 27001) and ability to glean significance from findings identified in these reports.
* Ability to communicate risk methodologies and concepts to the business unit and IT.
* Demonstrated experience with controls definition, development, implementation and assessment.
* Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
* Strong attention to detail, project management and organisational skills.
Benefits
Voted “Best Places to Work,” our culture is driven by self-starters, team players, and visionaries. Headquartered in Los Angeles, California, the company operates sites and business services in the US, UK, and EU. We offer top benefits including Annual Leave Entitlement, paid holidays, competitive comp, team events and more! Learning & Development is also of vital importance to Connexity where each employee has their own career plan, and receives their own Annual Learning Budget to spend as they wish.
- Healthcare insurance & cash plans
- Pension
- Income Protection
- Parental Leave Policies
- Learning & Development Program
- Flexible work schedules and work from home/work from office policy
- Wellness Resources
- Equity
We are committed to providing a culture at Connexity that supports the diversity, equity and inclusion of our most valuable asset, our people. We encourage individuality and are driven to represent a workplace that celebrates our differences, and provides opportunities equally across gender, race, religion, sexual orientation, and all other demographics. Our actions across Education, Recruitment, Retention, and Volunteering reflect our core company values and remind us that we’re all in this together to drive positive change in our industry.
Tags: Compliance E-commerce GDPR Governance ISMS ISO 27001 NIST Privacy Risk assessment Risk management SOX
Perks/benefits: Career development Competitive pay Flex hours Parental leave Team events