GRC Manager

What’s the opportunity at Gearset?

• Own our security and compliance documentation accurate and up to date, such as policies, procedures, and support documentation across our information security and compliance programs.
• Support our commercial teams in complex information security and compliance negotiations, while making sure we respond accurately and within given timescales.
• Take ownership of maintaining our current ISO 27001 compliance and certification through continuous improvement activities, as well as supporting preparation for internal and external audits.
• Own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, and CCPA.
• Gain experience in the implementation and ownership of additional compliance based projects as we increase the international regulation and standards we comply with.
• Help us work efficiently by identifying common deal blockers and standardising documentation and processes.

What you’ll achieve

• You’ll build on your prior experience from a GRC or an information security role, within a technology company, to support our ambitious company growth plans.
• You’ll become a technical expert on the company and our products to streamline customer onboarding, and security and compliance reviews.
• You’ll own reviewing and responding to our complex customer security and compliance requests.
• You’ll have ownership of compliance and reporting to the international information security standard ISO 27001, to ensure Gearset retains our certification and continues to provide the highest level of protection to our customers’ data.
• You’ll own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, CCPA.
• You’ll manage out third party supplier risk program.
• You’ll work as part of the compliance project team when implementing new regulations or standards such as NIST, fedRAMP etc.
• You’ll have the opportunity to get certified to international standards on Information Security, Compliance, Risk, Data Protection or Cyber Security.

About you

• Have been in an information security or GRC role, within a technology company and hold either a ISO 27001 Lead Implementer or Lead Auditor certificate.
• Have in-depth knowledge of ISO 27001 standards & proven experience in implementing ISO 27001 and maintaining the certification. Along with knowledge of general compliance requirements such as Modern Slavery, AML, Bribery etc.
• Have a track record of owning internal compliance with global data protection laws including GDPR and CCPA.
• Have an understanding of AWS Cloud infrastructure, and application security
• Possess a technical predisposition, the desire to learn and ability to react to the needs of a rapidly growing company eg comfortable working in an ever changing environment.
• Are an excellent communicator, with attention to detail and a passion for always delivering a great customer experience.

Great to haves

A degree in Computer Science, Information Security, Cybersecurity, or a closely related discipline such as Data Protection, Information Governance or Risk.
A recognised Information Security qualification such as CISSP, CompTIA Security+ etc
Past exposure to other regulations or frameworks such as NIST, HIPAA, fedRAMP, DORA
Knowledge of DevOps and DevSecOps

Benefits (the stuff you’d expect!)

• This is a full time opportunity, working Monday to Friday remotely within the UK.
• Opportunity to join our Long Term Incentive scheme
• Generous personal development budget for courses, conferences, or whatever is useful to your professional development in the role of up to £1500 per year
• Top end hardware provided
• Free lunch any day you are in the office
• BUPA health care
• Life Insurance & critical illness cover
• Discounted gym membership, as well as a range of health and wellness benefits