Senior Security & GRC Lead

GoHenry

Posted over 30 days ago...

Expired

Join GoHenry and lead the charge in pioneering financial education for the next generation with your cybersecurity expertise

Overview

Salary

No salary declared 😔

Location

London, United Kingdom

Expires

Expires at anytime

GoHenry is a trailblazing fintech company that empowers kids and teens to develop sound financial habits through innovative tools and educational resources. At the forefront of financial education, GoHenry has expanded globally, serving over 6 million members, and received accolades for its commitment to creating a positive social impact. At this dynamic juncture, the company seeks a seasoned Senior Security GRC Lead to bolster its governance and risk frameworks.

  • Collaborate with IT, Security, and Compliance teams to ensure robust compliance posture.
  • Drive major compliance programs like PCI-DSS v4, SOC 2, SOX, and NIS2/DORA.
  • Conduct internal and third-party risk assessments, managing cybersecurity risks.
  • Advance implementation of ISO 2700/NIST CSF/PCI standards and maintain ISMS.
  • Refresh security standards and policies, engaging with various business units.
  • Minimum 8 years of information security experience, preferably in Banking or Payments.
  • At least 3 years of expertise in conducting and managing audits (ISO 27001, PCI, GDPR, SOC 2).
  • In-depth knowledge of regulatory compliance requirements and market structures.
  • Professional certifications such as CISSP/CISM are advantageous.

GoHenry offers flexible working arrangements, private medical insurance, generous annual leave, family-friendly policies, and a commitment to diversity and inclusion. If you're ready to be a part of a company that's shaping the future of financial education, apply now to take the next step in your career at GoHenry!

GoHenry is a UK-based fintech company created by parents to pioneer financial education. More recently, GoHenry moved into Europe and the US by joining forces with French fintech company PixPay and US investing app, Acorns. 

Together, Acorns, PixPay, and GoHenry have over 6 million members across 5 countries. GoHenry offers a debit card and app for kids and teens and companion apps for the family, with in-app tools for sending money, automating allowance, managing chores, setting savings goals, giving to charity, and in-app financial education lessons where kids can watch videos, take quizzes and earn points & badges. This is all designed to help kids and teens build good money habits that will last a lifetime.

The Role 

We are looking for a Senior Security GRC Lead who has come from a technical background to provide governance and risk support in the context of a FinTech, but who can take on some technical tasks when the need arises. The role will involve collaborating with fellow team members within a combined IT/Security and Compliance team, with our own GoHenry Business Risk & Compliance team, external auditors/assessors, and other stakeholders in order to maintain an appropriate compliance posture.

2024 is an exciting time and will include major PCI-DSS v4, SOC 2 Type 1, SOX, and NIS2/DORA compliance programs. In addition, BAU activities are likely to include conducting our internal DD vendor assessment and responding to supplier/partner assessments, and statutory audits will be within your remit.

Responsibilities

  • Collating Cybersecurity risks and risk register management.
  • Manage and attain our SOC 2 certification and manage these audits going forward.
  • Manage / support PCI-DSS compliance and audits.
  • 3rd party risk assessment and continued 3rd party risk management from a cyber security perspective.
  • Completing incoming 3rd party risk questionnaires.
  • Promote widespread implementation of ISO 2700/NIST CSF/PCI standards.
  • Maintain and monitor a central ISMS as part of our governance framework. 
  • Working together with other stakeholders to link IT, our internal risk & compliance team, and privacy departments.
  • Review and refresh security standards and policies, and gain management sign-off on an annual basis to make sure they meet corporate demands.
  • Assist the department in responding to inquiries from the business units about ongoing operational compliance.

Requirements

  • 8+ years of direct experience in information security, mainly within Banking or Payments.
  • 3+ years of expertise conducting ISO 27001, PCI, GDPR, and SOC 2 audits, as well as handling audit responses.
  • Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO 27001, SOC 2, NIST, PCI-DSS, FCA/PRA).
  • CISSP/CISM or similar would be a plus.

Benefits

  • Flexible working
  • BUPA Private Medical
  • 25 days annual leave, plus public holidays
  • An additional day off on the week of your birthday
  • Flexible public holidays
  • Family friendly leave policies
  • Death In Service Benefit - 4x your annual salary
  • Mental Health Platform - OpenUp
  • Nursery/ Childcare Benefits
  • Cycle to work scheme
  • Gym Discounts
  • Training budget.

We're proud to say...

  • We ranked #38 in Newsweek's Top 100 Most Loved Workplaces in the UK in 2023 
  • We’re one of Tech Track’s top 50 fastest-growing UK companies. 
  • We won Finders Kid’s Cards Customer Satisfaction Awards in 2022 and 2023. 
  • We won the Tech for Good award at the Better Society Awards 2023 
  • Our kids and parents have donated over £500,000 of their own money to NSPCC via their GoHenry accounts

GoHenry is an equal-opportunity employer, and we’re on a mission to foster a diverse & inclusive workplace. Individuals seeking employment at GoHenry are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law. 

Want to join our mission? 

If GoHenry sounds like a place you’d like to be, please apply using the link below.
