Governance Risk and Compliance @ Sendwave

Governance Risk and Compliance

GRC, Information Security-Senior Analyst

Posted on 3/16/2023

INACTIVE

Locations

United Kingdom

Experience Level

Entry

Junior

Mid

Senior

Expert

Desired Skills

Communications

Requirements

Excellent communication skills, attention to detail and growth mindset
Take ownership, demonstrate a sense of urgency, and ensure accuracy and quality
The ability to translate Information Security risks into the business language to support and drive informed decision making
A passion for compliance and knowledge of finance-related regulatory obligations/standards such as PCI-DSS, FCA, EBA, GLBA and US state financial regulations
Forward-looking and out of the box thinking with the ability to work with technical teams to translate regulatory requirements and audit findings into automated controls where feasible
Bachelor's degree in a related field or equivalent work experience
One or more relevant qualifications e.g, CISM, CISA, CRISC, CGEIT or equivalent
Knowledge of COBIT and ITIL processes

Responsibilities

Support the design and execution of the Information Security Governance Risk and Compliance roadmap
Assist to effectively manage Information Security risks through compliance with relevant regulatory, legal, contractual, and implementation of risk treatments prioritised based on cost benefit analysis to ensure resources are distributed to the area where it's most needed
Support in establishing Information Security governance that serve Zepz's intention and direction through development and management of administrative controls and, promoting awareness
Assist to provide accurate and timely information to the business to make informed strategic, operational and service delivery decisions while remaining fully aware of risks and impact
Work with Internal and External stakeholders to ensure continuous compliance with regulatory requirements
Work closely with ERM and Audit and other teams where required to ensure risks are managed within risk appetite and audit findings are closed within an agreed timeframe
Raise the bar on documentation by running workshops with teams on the templates created and how to design and write audit ready documentation as per best known
Support alignment and reviews of our maturity against security frameworks as agreed with the CISO, such as NIST CSF
Help build meaningful metrics to support senior management decisions
Perform any other GRC duties and responsibilities, as assigned

About Zepz

Zepz is the group powering two leading global remittance brands: WorldRemit and Sendwave. Since 2010, we have been disrupting an industry previously dominated by offline legacy players with our relentless focus to reduce the cost of remittances and increase safety and convenience for our users. Every day, our people work to unlock the prosperity of cross-border communities through finance and technology - driven by our vision of a world that celebrates migrants’ impact on prosperity, at home and abroad.

Our brands helped cross-border communities send over $15bn from 50 countries to recipients in 130 countries in 2022. We operate over 5,000 money transfer corridors worldwide and employ over 1,600 people globally. Zepz is a remote-first employer, with team members located across six continents. Our vision is to create a world that celebrates migrants’ impact on prosperity, at home and abroad. Our purpose is to unlock the prosperity of cross-border communities through finance and technology.

Zepz.io

Our Commitments:

We act like owners - We are relentlessly delivering for our users and spending money thoughtfully.
We embrace embarrassing honesty - We function best when we’re open and honest with one another — especially about our challenges and doubts.
We have a bias to action - We get to first outcomes quickly, iterate and learn.
We strive to be better - We may make mistakes, but always learn from them.
We are inclusive - to better reflect and serve our users.

About the role

We are committed to enhancing GRC by setting out a structured approach and common view of how information security is evaluated, directed and controlled. We endeavour to create value by balancing Risk, Resource Optimisation, and Benefit Realisation and support the business with its objective by making informed decisions.

We are a regulated entity in a number of jurisdictions and are subject to a diverse and challenging set of regulatory requirements. We are a forward-looking fast-moving organisation and there are opportunities to do things differently; you will work with the broader security team to build continuous compliance into security tooling to provide automated guard rails for controls.

You will be a key part of CISO structure (2nd Line of defence) and will be supporting tasks related to information security governance, risk and compliance.

Reporting to the GRC Manager, you will:

Support the design and execution of the Information Security Governance Risk and Compliance roadmap.
Assist to effectively manage Information Security risks through compliance with relevant regulatory, legal, contractual, and implementation of risk treatments prioritised based on cost benefit analysis to ensure resources are distributed to the area where it’s most needed.
Support in establishing Information Security governance that serve Zepz’s intention and direction through development and management of administrative controls and, promoting awareness.
Assist to provide accurate and timely information to the business to make informed strategic, operational and service delivery decisions while remaining fully aware of risks and impact.
Work with Internal and External stakeholders to ensure continuous compliance with regulatory requirements.
Work closely with ERM and Audit and other teams where required to ensure risks are managed within risk appetite and audit findings are closed within an agreed timeframe.
Raise the bar on documentation by running workshops with teams on the templates created and how to design and write audit ready documentation as per best known.
Support alignment and reviews of our maturity against security frameworks as agreed with the CISO, such as NIST CSF.
Help build meaningful metrics to support senior management decisions.
Perform any other GRC duties and responsibilities, as assigned.

What we’re looking for from you:

Excellent communication skills, attention to detail and growth mindset.
Take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
The ability to translate Information Security risks into the business language to support and drive informed decision making.
A passion for compliance and knowledge of finance-related regulatory obligations/standards such as PCI-DSS, FCA, EBA, GLBA and US state financial regulations.
Forward-looking and out of the box thinking with the ability to work with technical teams to translate regulatory requirements and audit findings into automated controls where feasible.

Education and Experience:

Bachelor’s degree in a related field or equivalent work experience.
One or more relevant qualifications e.g, CISM, CISA, CRISC, CGEIT or equivalent.
Knowledge of COBIT and ITIL processes.

What we offer you:

Please note that the benefits below do not apply to part-time, contractor or temporary roles.

We have five core benefits for our talent in the US, UK, Philippines, Poland, and South Africa. If you’re not in one of those regions, don’t worry - the Talent team can let you know what is available for you specifically:

Unlimited Annual Leave: Most Zepz team members are eligible for unlimited annual leave. Colleagues in customer-facing roles, receive a competitive holiday allowance and four recharge days a year. Feel free to make the most of your time off and maintain a healthy work-life balance!
Private Medical Cover: You can opt-in to a Private Medical Insurance scheme. This provides you with access to thorough medical coverage, so you can feel confident in your health and well-being.
Retirement: We offer pension schemes to help you plan for and secure your future.
Life Assurance: Life assurance is available to give you peace of mind and protect your loved ones in case of the unexpected..
Parental Leave: We offer competitive parental leave schemes to ensure you are spending as much quality time with your new bundle of joy as possible.

We are also remote-first as an organisation, offering flexibility for you to work where you need to be most productive. In many locations, we have workspaces, which you can use as you desire.

Most roles in the Philippines are predominately office-based, with this we offer free meals for those 100% on-site.

In addition to the above, you will discover that we have a range of secondary perks (such as the cycle-to-work scheme and employee discounts) depending on your location, to help you thrive at Zepz!

Why choose Zepz?

Our team of over 1600+ employees is fully distributed across the world. We are working from coffee shops, homes, and co-working spaces — making us one of the larger fully distributed growth-stage startups in the world but we also offer workspace in our talent cluster locations - spaces we can meet, collaborate and connect.
We are proud parents, community organizers, farmers, band members, yoga teachers, YouTube influencers, former Olympians, and serial entrepreneurs.
We collectively speak over twenty languages, including Akuapem, Amharic, Bengali, Ewe, Fante, Ga, Igbo, Kalenjin, Luganda, Oromo, Somali, Swahili, Wolof, Bulgarian, Croatian, Czech, Danish, Dutch, English, Estonian, Finnish, French, German, Greek, Hungarian, Irish, Italian, Latvian, Lithuanian, Maltese, Polish, Portuguese, Romanian, Slovak, Slovenian, Spanish and Swedish.
At Zepz, embodying our commitments binds us together. We are collectively passionate about striving to achieve our vision and purpose - to continue to provide the best service to our users.

Ready to apply?

Applications will be reviewed on a rolling basis. If interested, please submit your resume along with a cover letter (optional), highlighting why your experience demonstrates you meet the requirements of the role. Please also indicate the countries in which you have work authorization. While Zepz supports visa sponsorship, sponsorship opportunities may be limited to certain roles and skills.

At Zepz we record interviews using Metaview (https://metaview.ai). It helps us become better interviewers by recording and transcribing our interviews, and ensures we interview candidates in a fair & consistent manner. It is not required. Please let us know if you’d like to opt out of the use of Metaview - this will not affect the outcome of your interview.

Confidence can sometimes hold us back from applying for a job. But we’ll let you in on a secret: there’s no such thing as a ’perfect’ candidate. Zepz is a place where everyone can thrive.

So however you identify and whatever background you bring with you, and if at all you might need any form of support to make the process as comfortable as possible, please let us know and give us a shot by applying. We want you to be excited to wake up to make an impact every day.

51-200 employees

Website