The role

We're seeking an experienced Information Security specialist with expertise in Governance, Risk, and Compliance to join our growing Security team. In this role, you'll be instrumental in developing, implementing, and maintaining our organisation's security governance framework while ensuring compliance with industry standards and regulations.

What Will You Do

• Maintain, implement, and improve security policies, standards, and procedures aligned with our global Information Security Management System (ISMS)

• Conduct risk assessments and coordinate risk mitigation activities across the online division

• Manage compliance with applicable regulations (ISO-27001, PCI-DSS, GDPR, EU AI Act, and industry-specific requirements) and prepare documentation for audits

• Lead internal and external security audits, manage audit findings, and oversee remediation activities

• Assess and manage vendor and third-party security risks

• Coordinate relevant teams for monitoring and remediation of vulnerabilities

• Act as a subject matter expert on information security and privacy matters, providing guidance to leadership and stakeholders

• Contribute to and enhance the security awareness programme to promote a strong security culture across the organisation

• Ensure that you adhere to the Governance, Risk & Compliance (GRC) obligations for your role.
• Identify and raise any non-compliance incidents promptly to your line manager.
• Challenge processes, policies and projects that will negatively impact compliance within the Group.
• Complete all mandatory compliance training assigned to you.
• Reach out to the Compliance Teams if unsure of any of your compliance obligations or the requirements are unclear.

Your challenge will be to identify and prioritise the security risks facing our organisation, and drive effective controls and mitigation strategies while maintaining compliance with evolving industry and regulatory requirements.

How Will Success Be Measured In This Role

• Achievement of security objectives and key deliverables on schedule

• Successful completion of internal and external audits with minimal findings

• Maintenance of compliance with applicable regulations and frameworks

• Completion of all relevant security training and certifications

• Demonstrated cross-functional collaboration and stakeholder engagement

• Regular performance reviews aligned with organizational objectives

• Embodiment of core company values

Your Experience

• Having worked 5+ years in a similar GRC role working within one or more information security domains including;

• Risk management

• Framework implementation

• Audit & Compliance