on governance, oversight, and assurance, ensuring Onsi operates in line with best practices and applicable laws, particularly within cybersecurity, data protection, and operational risk. What you will do: Lead and support the implementation of key compliance and cybersecurity frameworks (e.g. UK GDPR, ISO 27001, Cyber Essentials), while developing regulatory risk frameworks … management, information security, or cybersecurity governance - ideally within a regulated environment such as financial services or fintech. The ability to understand and apply regulatory frameworks (e.g. UK GDPR, ISO 27001) and translate them into business-friendly policies, controls, and processes. Confidence working with regulatory frameworks like UK GDPR, ISO 27001 … the discipline to manage your learning and growth. Desirable Qualifications and/or knowledge (any of the following): Certifications or practical experience as/in CISMP, CompTIA Security+, ISO 27001 Lead Implementer, CISM, CISSP, or PCI DSS QSA. Awareness of key regulations, including UK GDPR, Data Protection Act
manage responses to customer security audits and assurance inquiries. Monitor regulatory changes and contribute to compliance initiatives such as DORA, NIS2, and other applicable standards and frameworks (e.g., ISO 27001, SOC 2, GDPR). Assist in the development, maintenance, and improvement of internal GRC processes, policies, and documentation. Collaborate with cross-functional teams (Security … a related field. Experience supporting sales processes, including responding to RFx security assessments. Solid understanding of cybersecurity principles, information security best practices, and regulatory requirements (DORA, NIS2, GDPR, ISO 27001, SOC 2, etc.). Excellent written and verbal communication skills; able to translate technical concepts for non-technical audiences. Strong organizational skills with the … a proactive approach to problem-solving and attention to detail. Experience working in a SaaS, cloud, or technology-driven company is preferred. Professional certifications (such as CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or similar) are a plus. Additional Information: We are proud to foster a diverse
maintain an organization-wide security culture. Build and implement a company-wide communication strategy to promote information security, including application security, within the organization. Team Leadership and Development: Lead and develop the Information Security team. Recruit, retain, and develop talent and expertise, including application security specialists. Set and maintain the team's culture and tone. Business Continuity … including considerations for application security. Security Monitoring and Incident Response: Establish and maintain processes for continuous security monitoring and detection of security events, including application-specific security events. Lead the investigation and resolution of security incidents, including those related to application vulnerabilities, root cause analysis, and implementation of corrective actions. Reporting: Provide regular reports on the organization … . Stay abreast of and ensure adherence to regulations (e.g., GDPR, NIS2, DORA) and other relevant legal and contractual obligations, as well as application security standards. Risk Management: Lead the information security risk management process, including identification, assessment, treatment, and monitoring of risks, with a particular emphasis on application security risks. Conduct regular risk assessments and vulnerability
risk evaluations. Act as the Bank's IS technical consultant on Supplier and Project Assurance activities. Oversee the administration of the SureCloud platform and baseline control set maintenance. Lead security triaging and approvals of new projects and suppliers. Liaise with IT and MSSP teams to identify and remediate security risks/incidents. Draft reports, risk register updates … and maintain documentation aligned with best practice (ISO 27001, NIST CSF). Track and advise on industry security trends and their implications. Contribute to social engineering assessments, BAU risk mitigation, and business process evaluations. Influence and support change by aligning policy updates with new regulations and business needs. What We're Looking For: A … Bachelor's or Master's degree (preferably in IT, Security, or Risk). At least one recognised IS qualification (CISM, CISA, CISSM, ISO 27001 Lead Auditor/Implementer, CIPP/E). Proven experience in delivering project and supplier assurance activities in the IS domain. Strong written and