Unlock Premium Benefits Today!
🚀 Elevate your career with priority access.
Stand out to top recruiters with Jobgether Priority Access:
  • ✅ Top Match: We help you identify job offers where you're a perfect fit.
  • ✅ Exclusive Referral Service: Connect directly with recruiters as a Jobgether Certified Premium User.
  • ✅ Personalized Feedback: Receive feedback and expert guidance on applications, and have your profile manually reviewed.
Go Premium

Information Security GRC Manager

Remote: 
Hybrid
Work from: 
London (US)

Moneycorp logo
Moneycorp
501 - 1000 Employees
See all jobs

Job description

Description

Position at Moneycorp

Welcome to Moneycorp
We’re delighted you’re interested in being a part of Moneycorp.
In the last decade, Moneycorp has transformed from a largely domestic, consumer-focused provider of foreign exchange to an end-to-end global payments’ ecosystem.
With two banking licenses and operations across the entire value chain of the international payments and foreign exchange sectors, we enable businesses, institutions, and individuals to thrive beyond borders.
We help our clients realise their growth ambitions by providing them with worldwide reach, relentless regulatory excellence, and tailored, relevant solutions that resiliently optimise their financial operations.
We’re fervent about pursuing our goals, making substantial contributions to the payments industry, and consistently offering unwavering support to our clients at every stage of their journey.
Moneycorp is a place where energy, commitment to our shared success and collaboration are core to our DNA.  We’re restless in our drive to surpass the expectations of our clients and unlock opportunities to support them at every stage of their journey.
The foundation of our success is our people, and nurturing a culture of belonging for all of our colleagues is central to our journey as a global business.
 
Find out more about Moneycorp’s offering, global footprint and capabilities here: About Us | moneycorp
 
Who You Are / Your Next Challenge
 
Information is of paramount importance to Moneycorp and we naturally demand a "no compromise" approach to protecting our technology: to ensure it is available when required; and that our information is not inadvertently or maliciously disclosed, lost, stolen or altered.
This role sits within the Information Security Team, part of Group Risk and Compliance, reporting into the Head of Information Security. The candidate will be responsible for ensuring Moneycorp’s data and information processing systems are protected in-line with the information & cyber security programme.
We are looking for an Information Security Governance Risk and Compliance (GRC) professional, who has previously experience of Business Management, Information Security Operations or IT Operations and experience of maintaining an Information Security Management System. Reporting to the Head of Information Security, you will be supporting the business ensure continued certification of ISO27001 and SOC2.
 
What we’re looking for / Skills that will help you in the role 
 
Maintain ISO27001/SOC2 certifications
  • Responsibility for the smooth running of the Information Security Management System: governance, risk management, remediation activities.
  • Responsible for maintaining Information Security policies are reviewed annually and updated in line with regulatory, business transformation or other outside factors
  • Work with the business areas to ensure good practices, including documented procedures 
Deputise for the Head of Information Security
  • Where necessary, provide cover and assistance to the Head of Information Security managing the team
Identify and propose improvements
  • Re-evaluate policies, procedures, process and standards to ensure documentation is consistent, and recommend improvements
Information Security Third-party reviews
  • Maintain the 3rd party Information Security review schedule, provide guidance where necessary to junior members
Information Security Training and Awareness
  • Manage Moneycorp’s Information Security Training and Awareness programme
Operational Team activities
  • Responsible for ensuring daily tasks, collation of KPIs and RPIs, and managing ticket queue within SLAs
Information Security Architectural, Application or Service reviews
  • Review new and existing services with an Information Security lens, highlight any gaps and provide recommendations
Person Specification
Knowledge and Experience 
  • At least 5 yrs Experience in an information or IT security related role within a financial or regulated firm
  • Fully understand security concepts such as identity access management, defence in depth, least privilege, resilience (technical & operational), segregation (networks & duties), cloud security (shared responsibility)
  • Comfortable with responding to regulatory compliance and auditors’ queries
  • Have conducted Information Security risk assessments and managed mitigation strategies
  • Understanding SWIFT CSP, and operational resilience frameworks
  • Knowledge of implementing and managing ISO27001:2022 Information Security Management Systems
  • Familiar with: SOC2 Type II, NIST CSF, PCI DSS and NCSC guidance Familiarity with Data Protection and Financial regulations i.e. GDPR, FCA regulations, PRA guidelines, UK Data Protection Act, DORA
Skills:
  • Technically astute, understands technical risks to the business and can provide clear risk assessment analysis to the business. Able to challenge where risks are outside of tolerance in an evidenced led, logical and methodical.
  • Network Security & Protocols – Deep understanding of TCP/IP, firewalls, VPNs, IDS/IPS, and secure network architecture and browser filtering technologies
  • Vulnerability Management – Have used vulnerability management tools, provide analysis
  • Email – understands email delivery, and controls i.e. tracing, analysing, filtering, DMARC, SPF, DKIM
  • Cloud Security – Knowledge of securing Azure or AWS, including IAM, encryption, and monitoring (Sentinel experience beneficial) and understand the principles of the Shared Responsibility Model
  • Data Protection & Encryption – Understanding of cryptographic protocols and secure data handling practices
  • Investigations – have conducted highly confidential investigations (DSARs) using tools to conduct searches and collate evidence e.g. Search email systems, Teams
  • Experience in Information Security Awareness and Training, phishing simulations, managing online training (CBT), providing content for awareness
  • Scope and manage Penetration Tests, analysing the findings
  • Able to mentor junior members of the team
  • Attention to Detail – Critical for monitoring logs, reviewing configurations, and writing formal documentation
  • Analytical Thinker – Ability to assess complex systems and identify potential risks and vulnerabilities
  • Ability to disseminate documentary evidence to provide objective analysis
  • Communicating and documenting user reported security problems and incidents
  • Keeps up to date with the latest Information and Cyber news, threats and incidents
  • Previous experience working in a Global diverse organisations
  • Appreciate when to escalate issues upwards
Education 
  • BSc/MSc in Information Security, computing, science, technology, engineering or mathematics (STEM) subject or suitable alternate experience
  • Must have obtained a known security qualification; acceptable certifications from ISC2, ISACA, GIAC or EC-Council. e.g. CISSP, CISM, CRISC or CISA preferable
  • Must have either ISO27001 Certified ISMS Lead Implementer or Lead Auditor
Languages
  • English 
Personal Attributes
  • A passion for cyber security and a keen interest in IT
  • Highly motivated, responsible, reliable and organised individual able to use own initiative, manage own time and workload and an excellent attention to detail.
  • Capable of developing a strong working relationship with peers to encourage good security practices
  • Collaborative and team-oriented, flexible attitude, adhering to a high standard of ethical behaviour
This position is full-time, permanent. The role is office-based in London as part of the Information Security team. However, we have an agile flexible working policy which enables you to work up to 2 days from home if desired.
 
What you get in return:
This role offers a competitive salary with commission or bonus, plus a comprehensive benefits package including 25 days holiday plus a day off for your birthday, pension, BUPA private medical health insurance and more. 
 
Interested?
If the role sounds like you, we invite you to upload a copy of your CV and can do this by clicking on the Apply Now button
 
Fostering a culture of belonging and inclusivity
We're committed to creating a workplace where every individual feels valued, respected, and included. As an Equal Opportunity Employer, we actively cultivate an inclusive culture where diversity thrives, and we empower our colleagues to drive meaningful change within our organisation through initiatives like our DE&I focus groups and value champion network.
Like many of our peers, we recognise that fostering inclusivity is an ongoing journey, and we remain steadfast in our commitment to progress. By measuring our efforts through regular assessments and listening to the feedback of our employees, we strive to ensure that our initiatives are impactful and responsive to the evolving needs of our workforce.
Together, we want to build a workplace where everyone can bring their authentic selves to work, as we believe this is the foundation of innovation, creativity, and collective success.
 
Connect with us
For company news, announcements and market insights, visit our News Hub.   

You can also find Moneycorp on FacebookTwitter UKTwitter AmericasInstagramLinkedIn, where you can discover how we are leading the way in global payments and currency risk management

Required profile

Experience

Are you interested?

Related jobs

See more jobs