Information Security GCR Analyst

We're Checkout.com
We're building the connected finance businesses deserve. Unleashing them with tomorrow's technology, today. Our flexible payments solutions help global enterprises — like Samsung, Deliveroo and Adidas — launch new products and create experiences customers love. And it's not just what we build that makes us different. It's how.
We liberate smart, passionate people to collaborate, innovate and do their best work — faster. That's why we're one of the most valuable fintech firms around. But we're just getting started. By cutting through financial complexity, we'll empower companies to change the world. Join us. Unlock your potential.
Build tomorrow, today.
Information Security GCR Analyst at Checkout.com:
We are looking for a GRC Specialist to join our team to help mature and implement our Governance, Risk, and Compliance program across Checkout. In this role, you will join one of the most exciting startups in London and get to work in a complex cloud-first organization on a global scale. If you like working in fast paced environments and have a passion for all things security and compliance, then we want to hear from you.

What you will be doing

• Support in the review, design, and implementation of IT security standards (ISO/IEC 27001) and their implementation across the business
• Support in security and compliance matters including but not limited to implementation of new security tools, Internal/external auditor engagements, and any information security legislative/regulation compliance requirement
• Provide security subject matter expertise on projects undertaken by the business and act as an advisor on all business security policy, information risk management issues
• Support in the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with information security policies and standards
• Timely completion of client compliance questionnaires relating to information security
• Working effectively with IT, Engineering, and Customer service teams to coordinate InfoSec changes and ensure those information security requirements are embedded at an early stage of the business process
• Assist in developing and maintaining Security Incident Response Procedures and Data Breach Guidelines. Reviewing and reporting on security incidents, potential incidents, or other security risks and ensuring that appropriate correction and preventative measures are implemented
• Working with our sales teams to ensure that due diligence assessments, InfoSec questionnaires and RFPs are completed to deadlines
• Working closely with the wider team to support risk remediation and solution design related to vulnerability scanning and penetration testing of critical assets
• Ensure that the ISMS security, process, and critical systems documentation is maintained/reviewed at appropriate levels and at designated review times
• Assist in conducting Internal Information Security audits, producing reports with recommendations for remediation and improvement
• Assist in maintaining staff information security awareness

About You

• Recent experience of working in a similar capacity.
• Strong knowledge of information security principles.
• Excellent knowledge of methodologies, processes, and tools associated with Governance, Risk, and Compliance.
• Experience in policy, standard, guidelines, and procedure creation
• Strong knowledge of Information/Data security standards such as PCI DSS and ISO27001
• Relevant industry certification (e.g., ISO 27001 LA/LI, CRISC, CISA, CISSP, CISM, etc.).
• Proven experience in a GRC role
• Understanding and experience of implementing NIST CSF
• Knowledge of current information security legislative/regulatory requirements such as GDPR
• Demonstrable experience of using industry standards and good practice to shape information security activities
• Demonstrable experience of working with information security toolsets, such as vulnerability scanning tools or endpoint security products
• Demonstrable experience assessing security in cloud environments such as AWS, Azure, GCP)

What we stand for
At Checkout.com, everything starts with our values, including the experience we offer our people.
#AspireWe supercharge your professional growth with career development programs and leadership training. You can learn your way, with tailored pathways and online platforms. And be inspired at relevant conferences.
#ExcelWe don't stop at 'good' here. We strive for excellence amongst our teams every day and recognize colleagues who take it to the next level through our quarterly peer-nominated Hero awards.
#UniteWe're proud of our global connections and inclusive environment. So we champion this through our colleague-led community groups and celebrate many cultural events together.
Want to see us in action?
Take a peek inside here.
More about Checkout.comWe empower businesses to adapt, innovate and thrive with the connected payments they deserve. Our technology makes payments seamless. We provide the fastest, most reliable payments in more than 150 currencies, with in-country acquiring, world-class fraud filters and reporting, through one API. And we can accept all major international credit and debit cards, as well as popular alternative and local payment methods. Checkout.com launched in 2012, and we now have a team of 1000 people across 17 international offices. To date, we’ve raised a total of $830 million, with our recent Series C valuing us at $15 billion.
We believe in equal opportunitiesCheckout.com is an equal opportunities employer. We welcome applications from all members of society irrespective of age, sex, disability, sexual orientation, race, religion, or belief. We make recruiting decisions based on your experience, skills and personality. We believe that employing a diverse workforce is the right thing to do and is central to our success.