Security GRC Lead

Requirements:

• Team Leadership: Lead and mentor a multidisciplinary, international team. You will be responsible for setting clear objectives, managing performance, and fostering a culture of technical excellence.
• Regulatory and Audit Engagement: Act as a contact point for regulators and auditors for matters relating to information security and technology risk. You will ensure that our regulatory obligations are understood and mapped to our control framework, and ensure that we are ready for audits and inspections.
• Controls Assurance: Provide oversight and support to the Controls Testing team as we build out the function to meet our growing obligations, and move towards a data-driven, continuous assurance model.
• Risk Management: Own our security risk management processes, integrating with enterprise risk management processes and collaborating closely with our 2LoD Technology Risk team.
• Regional Strategy: Support the Regional ISO team to navigate local regulatory requirements while maintaining a consistent global security posture.

Nice to Haves:

• You have managed international teams and are comfortable working across different timezones and cultural contexts.
• You have hands-on experience working in Cloud Native technology environments.
• You have broad knowledge of international information security frameworks (e.g. ISO27001, NIST CSF, PCI-DSS) and international technology risk regulations (e.g. DORA, NYDFS 500, CPS234).
• You have experience of working directly with international regulators.
• You are an excellent communicator with strong stakeholder management skills.
• You hold an internationally recognised security certification (CISSP, CISM, MCIIS etc.)

What You'll Be Doing:

• Leading and mentoring a multidisciplinary, international team.
• Acting as a contact point for regulators and auditors for information security and technology risk matters.
• Providing oversight and support to the Controls Testing team.
• Owning security risk management processes and collaborating with the Technology Risk team.
• Supporting the Regional ISO team in navigating local regulatory requirements.