|Job Type:||Full Time|
Help a cutting-edge, dynamic and fast-growing fintech company prove to clients, regulators and other important stakeholders that it meets high standards for privacy and security in its operations around the world.
GoCardless processes billions in payments each year. Tens of thousands of businesses around the world rely on us to handle their payments.
We treat our ISO 27001 certification as more than a box-ticking exercise. It’s how we demonstrate to those businesses, and to our regulators and other important stakeholders, that our systems are secure and that we handle personal data responsibly. So we’re looking for the right person to join the Privacy & Security Risk team and help us maintain, update, optimise and expand our privacy & security certification framework and run this important program.
Learn from and work with our Director of Privacy & Security Risk (an experienced Data Protection Officer) as well as the privacy & security engineering team to manage our certification frameworks for privacy and security - areas that have become critical to society. Our certifications are a key part of our sales proposition and regulatory compliance, and serve as the evidence our stakeholders need that we are securing our data and systems, respecting privacy, and complying with GDPR and other privacy laws around the world.
The role will involve:
- Running our ISO 27001 certification audits and maintaining documentation of the controls and their supporting evidence
- Working directly with our internal and external auditors to identify and track gaps in our certification compliance
- Making the case for expanding our certification program to cover new areas, including privacy certifications like ISO 27701
- Managing the tools that help us keep track of our compliance with the certification standard, and identifying opportunities for automation and the tools to achieve it
- Flagging risks, analysing root causes and reporting on results related to ISO standard controls, and spotting and escalating issues related to the broader privacy & security programs
- Influencing and managing evidence and progress from teams across the business, including senior management as well as Product, Engineering Sales, IT Security, Risk & Compliance, Marketing and People
- Communicating frequently to ensure continued support and progress for certification controls across the organisation
What we're looking for
We’re looking for someone who is keen to increase their knowledge of emerging privacy & security risks. Someone who is operational, able to drive processes from design to conclusion and comfortable working independently, while also being a great collaborator on complex multi-team projects.
You will have a head for project management and organisation. You will take a proactive and organised approach, working with teams across the business to get the inputs you need, on time, every time.
You know how to keep stakeholders informed and engaged with clear communication and concrete objectives.
We’re a technology business, so it helps if you've had experience in a similar area or an interest in tech outside of work.
We’d love to hear from you if:
- You have worked in or are genuinely interested in the world of privacy and security
- You’re familiar with certification processes like ISO or SOC
- You are a project-management pro, handling gantt charts with ease
- Your communication skills are first class, and you are able to distil complex matters into understandable English
- You enjoy finding and implementing new tools and technologies to drive efficiencies
- You savour a challenge, don’t get disheartened easily and drive projects through to completion
- You are easy to work with, and want to work in a fun, fast-growing and fast-paced young company
Bonus points if:
- You can show experience managing an ISO or SOC certification programme
- You have solid experience in cybersecurity, privacy or data protection program management
- You’ve got a professional certification like IAPP CIPM or CISSP or are a licensed ISO auditor
- You have experience at a startup
This role will provide you the opportunity to lead key activities to progress your career. It would ideally suit someone with some experience dealing directly with certification management or with data protection, security or other risk & compliance frameworks. However, we recognise that the most talented people can have the most unusual backgrounds, so if you’re unsure, please apply. The role will be based in London and we are looking to employ the right person full time, but will consider part-time applicants.