We are PFG '“ a leading specialist bank and a FTSE 250 company who are one of the UK's leading suppliers of personal credit products to the non-standard lending market. We provide a portfolio of credit products designed to meet the particular needs of those who are not well serviced by mainstream lenders. Our core brands are Vanquis Bank and Moneybarn.
The Security Governance Risk and Compliance Manager reports to the Head of Information Security and works closely with the Chief Information Security Officer.
The primary function of this role is to ensure Information Security Governance, Risk and Compliance across the PFG.
The Senior Manager, Security Governance, Risk & Compliance will be responsible for defining, and leading a GRC function. This role will manage the security risk strategy and provide cyber governance and risk management oversight; establishing and managing the security policy framework and relevant standards; overseeing applicable information security, privacy, contractual and compliance requirements through strategy development, controls definition and assessment and process oversight to support PFG's requirement to secure IT, data, and business landscape.
Key responsibilities of a Senior Governance Risk and Compliance Manager:
- Responsible for the management and strategic delivery of Security Governance, Risk and Compliance aligned to Cyber Security strategy within PFG.
- Responsible for the management and a subject matter expertise for ensuring secure access to sensitive data (i.e., customer, employee, commercially sensitive information) is provided to support confidentiality, integrity and/or availability.
- Responsible for the management and escalation of identified incidents within Security Governance, Risk and Compliance.
- Responsible for the management of ISO 27001/NIST alignment, risk assessments and maturity plans within PFG.
- Management of Information security audits, action plans and closure tasks.
- Proactively support the Head of Information Security with the management of Information Security at PFG.
- Proactively engage with stakeholders and system owners in the management, ownership and treatment of information security risks within the Group.
- Maintain an effective cross-functional internal network to facilitate the business and forthcoming developments.
- Create, maintain regular KPIs, remediation activities, and identify areas for improvement and recommendations.
- Provides role model leadership behaviours in communication, collaboration and the recognition and development of their team, including regular performance and development conversations, in-time feedback and coaching.
- To provide advice and guidance on how to minimise the impact to PFG of potential threats.
- To liaise with potential or current partners and suppliers to PFG and evaluate the information security levels of the company or products.
- Deliver capabilities that protect PFG from potential malicious attacks and recommend defensive actions.
- To work with PFG and advice on all Information Security Risks with regard to infrastructure, changes to processes or software implementations.
- Responsible for Information Security risk assessments to ensure they are completed and the results are recorded.
- To assist in taking timely action resulting from any risk assessment recommendations. This may involve liaison with other departments, partners or suppliers. It is essential to keep the IT Security department informed if there are any issues of non-compliance.
- Be aware of current and possible future trends in information security and take into account current PFG procedures, to define and develop procedures and policies for appropriate and secure use of PFG's IT systems.
- Adherence to standards, including ISO27001, NIST, Information Technology, PCI-DSS and Infrastructure Library (ITIL)
This role requires a strong manager who is competent in industry best practices, including NIST, PCI DSS, ISO27001 and any other applicable standards and possesses proven experience in building, managing and motivating a team of information security professionals. You will need to bring a minimum of 5 years' management experience working in a fast-paced information security team to this role.
- Sufficient experience of working in an Information Security function - including management experience.
- Be able to build good working relationships with both technical and business stakeholders, gaining their respect and trust based on your knowledge and professionalism.
- Experience of working in a large company and/or Enterprise environment â€“ understanding the complicity of multiple stakeholders and how to effectively manage change.
- An understanding of cloud technology (preferably Azure).
- Excellent communication and presentation skills are paramount, alongside a willingness to effectively delegate work.
- Recognised information security industry qualifications such as CISM, CISSP
- Excellent analytical skills
The satisfaction of working for a successful and ethical business who are here to help people is a big benefit of joining us, but it is not the only one. We will invest in your development, giving you the support and training to become better and better at your job. We take the work/life balance seriously, with plenty of flexible working options. Working in a bright and refreshingly relaxed environment, you will find your opinions are valued and listened to.
On top of all this, we will give you a package including:
- Competitive base salary
- Discretionary annual bonus
- Car allowance
- 25 days annual leave entitlement (increasing with length of service)
- Pension Scheme with company contributions
- Private Medical Insurance
- Extensive opportunities for personal and career development
- Flexible and dynamic working policies
- Colleague Perks at Work discount platform
- Hybrid working considered
We know that by having a better, more inclusive culture and a diverse group of colleagues, we can support our customers and each other in the best way possible. We also believe this goes a long way to helping us live our purpose and defines why we are here in the first place: to help put people on a path to a better everyday life.
We are an equal opportunities employer and we want people to join us no matter how they identify, their sexual orientation, marital or civil partner status, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
We want to attract and retain the best people. So, we make sure that, if people need it, they are given all the extra support and reasonable adjustments to take part in any part of our application or interview process. We have also got lots of colleagues who choose to work flexibly, so please feel free to talk to us about how you prefer to work at any time.
We think that if you can Be Yourself in the workplace, you will do your best work and enjoy being part of the team and as a business we get to benefit from that and to celebrate all the wonderful things that diversity brings.