Information Security GRC Lead

Operations – Security / Permanent / Remote
Our Mission 🚀 🚀
Bud's mission is simple. We're here to create the world’s most compelling financial data products. The products we're building are used by some of the world's most prestigious institutions to help millions of their customers take control of their finances.

Your Mission 👨‍🚀👩‍🚀
We’re looking for someone to join our team and lead our ongoing approach to Governance, Risk and Compliance (GRC) for Information Security. At Bud, we don’t view compliance as an obstacle to business but as a guide to approaching things in a way that best protects consumers, and as a valuable asset that can be turned to commercial advantage in our industry. Our approach to security, including some of the novel techniques we have adopted, is core to what we do at Bud and a common reason why our clients choose us.

You’ll be the main individual handling GRC for Information Security: maintaining and monitoring our position against current standards, looking at how we can further mature our processes, policies, controls and frameworks, and working to implement improvements. In particular, this means ensuring that we meet both required standards and regulations and client and consumer expectations. Teams across the business will turn to you for guidance and assistance on information security matters such as due diligence, not only to ensure we are compliant with regulations, but also to foster a culture of protecting consumers and our clients through rigorous thinking and careful controls.

What Impact You Will Make

    • Managing Bud’s Information Security GRC framework day to day
    • Ensuring Bud remains fully compliant with ISO 27001, SOC 2 and Cyber Essentials Plus by identifying areas for improvement and executing those improvements
    • Understanding the information security requirements placed on Bud by accreditations, regulations and client contracts, and ensuring Bud maintains effective controls and policies to meet them
    • Using your technology risk management knowledge to support teams in developing new processes, controls and features, embedding good regulatory and risk practice from the start
    • Organising and leading company training sessions related to Information Security
    • Assisting our front-line compliance team on the information security elements of external due diligence where required, whether due diligence performed on Bud by prospective or current clients or due diligence performed by Bud on its agents or suppliers
    • Owning the Information Security components of Bud’s Third Party Risk Management processes
    • Providing expertise and subject matter advice during security operational incidents
    • Working closely with Bud’s legal, risk, compliance and data teams to contribute to a coordinated, business-wide approach to data security
    • Monitoring the ongoing effectiveness of our InfoSec controls, especially SOC 2 controls, through platforms such as Vanta

A Bit About You

    • Experience managing a programme of compliance with ISO 27001 and SOC 2
    • Experience in Information Security, either from an engineering or risk & compliance perspective
    • You look for ways to automate controls, compliance management and the overarching management of an ISMS
    • A balanced approach to risk & compliance solutions that weighs regulatory, risk, compliance and commercial considerations
    • You are hands-on, collaborative and excel in execution
    • You are process-driven and are effective at project management
    • You are focused on delivering end value and impact
    • Strong communication skills and able to present objectives, strategies, concerns and impact assessments clearly to individuals in all departments and levels of the business including senior management
    • Ability to take ownership and proactively lead workstreams and tasks with limited supervision

Taking It To The Next Level

    • You have worked with Vanta or a similar compliance automation system before (e.g. Drata)
    • You have worked with OneTrust or similar due diligence / vendor management systems before
    • You have worked with tools such as Jamf and SentinelOne to maintain a strong security posture on internal IT systems (employee endpoints/computers)
    • You have experience working in a B2B SaaS company, or one where the technical platform is the main product
    • You have worked in fintech or banking before
    • You have a software engineering or security engineering background
    • You have experience working in a company whose platform runs in the cloud (Google Cloud Platform/AWS)

Our InfoSec Compliance “Tech Stack”

    • Vanta - Risk and controls management; ongoing compliance monitoring & automation; audit management
    • OneTrust - Third Party Risk Management tooling
    • Jamf - Mobile Device Management across employee endpoint devices
    • Darktrace, SentinelOne, and Sophos - Endpoint security tooling
    • Google Workspace - Policy Document Management, SSO, DLP controls, BYOD MDM
    • Google Cloud Platform & Cloudflare - “Bud Platform” cloud providers
    • incident.io - Incident Management

Benefits At Bud

    • 💰Competitive salaries. We have benchmarked this role between £70,000 - £85,000
    • 💰Pension. We’ll match pension contributions up to 5% through our scheme with Aviva
    • 📚Learning & Development Budget. £1,000 a year to accelerate your learning
    • 📈 Career Progression. We have built out progression frameworks to help accelerate your growth, plus quarterly R&D days
    • 🧘‍♂️ Mental Health Support. Online therapy and resources through our partners at Spill
    • 🏋️‍♀️ Wellbeing Allowance. A flexi-pot of £50 a month to use towards your wellbeing
    • 🏥 Private Medical Insurance through Vitality
    • Flexible Working. We trust our team to get the job done and will support various flexible working arrangements as part of our hybrid approach, which includes our 60-day work abroad allowance
    • 🏢Office in London. Bud is remote-first, but we also have a vibrant office by Old Street roundabout available that anyone at Bud is welcome to use as it best suits your working preferences
    • 🏖️Time Off. 25 days + bank holidays + additional time over the holiday season
    • 🍼 Parental Leave. We offer enhanced parental leave, as well as 5 days of paid fertility leave and 10 days of paid pregnancy loss leave as we know the journey to parenthood isn’t always straightforward
    • 🫶 Volunteering Leave. 2 paid days off a year to spend time on projects and initiatives that matter to you
Everyone Is Welcome
We are committed to building a more diverse team where everyone feels safe to be their best and most authentic selves, because we believe that these differences will make us grow and be better as a company and a team. We are always looking for people who have different backgrounds, experiences, and ways of thinking to help contribute to and grow our culture, and strongly encourage people of colour, lesbian, gay, bisexual, transgender, queer and non-binary people, parents, and individuals with disabilities to apply. We also encourage you to apply even if you don’t match every part of the job ad. As an equal opportunity employer, we welcome everyone to our team and do not discriminate based on any applicable protected characteristics. 

Please let us know if there are any accommodations or reasonable adjustments that we can make during the hiring process - we are committed to making sure you’re well supported through the process and in the workplace.

Flexible Work Schedule Available
Both full-time and part-time (3-4 days per week) variations of this role are offered.