Company

Truelayer

Address: London, England
Category: Advertising & Marketing

Job description

Who we are:

At TrueLayer, we're creating a payments network that better connects banks, businesses and everybody. And we're going big. We're taking on cards with a payment method that's actually designed for the online, on-demand world we live in. Removing friction from the most crucial part of commerce: the payment.

To date, we've raised $270 million from world-renowned investors including Stripe, Tiger Global, Addition and Tencent. We've got offices in London, Milan and Dublin. And we're trusted by industry leaders like Revolut, Coinbase and Nutmeg… though we're not stopping here.

We're on a mission to change the way the world pays, invests, shops and saves. To transform how people approach payments. To build a brand that redefines an entire industry — and we'd like your help to get us there. So what do you say?

Description

Security is a core pillar across all of TrueLayer's products. By building, maintaining and monitoring our security infrastructure, as well as championing best security practices across the business, the Security team empowers both colleagues and clients and ensures the availability, stability and security of our platform.

The GRC function within the Security team supports the compliance required for customers to be onboarded and to drive revenue, and therefore needs to grow to support the growth of the business. We're looking for a GRC Specialist to join our existing team to shape and mature our Security GRC function and embed scalable processes.

As part of an ambitious team, you'll be given hands-on exposure to the latest technologies and practices and entrusted with crucial responsibilities and decisions, playing a key part in securing our products as we continue to grow.

As our GRC Specialist, you will:

  • Be responsible for supporting the Security GRC Lead to ensure the effective day-to-day management of tasks and processes related to information security governance, risk and compliance.
  • Contribute to audit and attestation activities.
  • Support the management of the security risk register and related risk treatment plans, which could involve designing compensating controls and conducting exception reviews.
  • Support the development of the internal controls framework, linking information security risks to controls.
  • Support the triage of all security GRC-related queries from the business and escalate to the GRC Lead as necessary.
  • Complete security due diligence requests.
  • Conduct supplier due diligence reviews.
  • Audit: several audits happen throughout the year that are managed by the GRC function and require time throughout the year to embed and monitor controls for 'audit readiness' and to maintain security practices. These include but are not limited to:
    • SOC 2 Type 2
    • ISO 27001
    • Cyber Essentials
    • Cyber Essentials Plus
    • ISO 27001 Internal Audit
  • Regulatory reporting input
  • Supplier Due Diligence
  • Customer Due Diligence

Requirements

Who you are:

  • Previous experience in a GRC role or similar capacity, preferably within the technology or financial services industry.
  • Demonstrated knowledge of information security governance, risk management, and compliance frameworks (e.g., ISO 27001, SOC 2, Cyber Essentials).
  • Experience in conducting audits and attestation activities, including familiarity with audit processes and methodologies.
  • Strong analytical skills with the ability to assess risks and develop effective risk mitigation strategies.
  • Excellent communication skills, both verbal and written, with the ability to interact effectively with stakeholders at all levels.
  • Detail-oriented with a focus on accuracy and precision in documentation and reporting.
  • Proficiency in project management, including the ability to prioritize tasks and manage multiple projects concurrently.
  • Familiarity with regulatory requirements relevant to the financial services industry (e.g., GDPR, PSD2) is desirable.
  • Ability to collaborate effectively within a team environment and contribute to a positive and inclusive workplace culture.
  • Willingness to learn and adapt to new technologies, processes, and industry developments.

We would be really excited if you have:

  • Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field.
  • Understanding of NIST
  • A relevant certification (e.g., CISA, CISSP, CRISC) is a plus.

Don't meet all the requirements?

Multiple studies have shown that women and people of underrepresented groups are sometimes less likely to apply to jobs unless they meet every single requirement. At TrueLayer, we are committed to building a diverse workforce, so if you are excited about this role and have the essential skills, but not the entire checklist - we'd still love to hear from you!

Benefits

What you can expect from us:

  • Meaningful equity in the company
  • Flexible hours and hybrid working — work from home 3 days a week and our incredible offices 2 days a week in London, Milan and Dublin. Need to collect the kids from childcare? Love a workout in the gym first thing? No worries, we trust you to do your best work within our hybrid framework
  • A one-off remote-working budget to help you set up your home office
  • 24 days holiday as standard ✈️ with flexible bank holidays, so you can take those days whenever you like
  • 12 fully-paid wellbeing days a year and your birthday off (on top of the holiday allowance)
  • 2 volunteering days to support causes important to you
  • 90 day 'work from abroad' policy
  • Generous parental leave, above and beyond statutory requirements and with no minimum tenure
  • Competitive pension contribution at 4% & 4%
  • Private health insurance from the day you start
  • Membership of mental wellbeing platform Spill and premium Calm subscription
  • A £1000 budget to spend on learning & development each year
  • Free lunch from Just Eat (if you choose to work from the office on Tuesdays, Wednesdays and Thursdays)

At TrueLayer, we don't just do inclusion and diversity. We embrace people that have different opinions, perspectives and personalities. Because we believe that by seeing the world from all sorts of angles, we can make life better for all the people who live in it. We strongly encourage applications from underrepresented groups (e.g. people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from all socio-economic backgrounds). If you'd like to discuss alternative working patterns, please let us know.

We will always aim to make appropriate adjustments to ensure we are fully inclusive to people with different needs during our interview process. So if you need us to make any adjustments to suit your individual needs please let us know - we'll be happy to support you.
Refer code: 3113723. Truelayer - The previous day - 2024-03-31 10:02
