What You Can Expect
Reporting into the Head of Risk and Compliance, you will take ownership of multiple Information Security projects, assurance, processes and objectives of the Risk and Compliance (R&C) team.
- You will be a main go-to person in the R&C team, acting as an expert in various processes and requirements in this space. You can make a difference through the relationships you build with the wider teams to ensure our processes reflect the real-world problems they are trying to solve.
- Compliance with PCI and GDPR is a big part of what the R&C team delivers. You will own these programmes of work and work with the relevant teams (Tech, Privacy, Legal, HR, etc) as needed.
- Getting involved in various projects across the business is an integral part of how we bake security into our products and processes from the start. You will be working closely with the rest of GS, the wider Tech team and the business to understand what ongoing bodies of work require our attention and partner with the owners to ensure relevant requirements are covered.
- Part of our responsibility includes Vendor Risk Management. Through various risk reports, you will enable the business to understand the risk of various relationships and make informed decisions regarding who they work with.
- Using Jira and Confluence, and exploring the ways information and data can be used to tell fact-based risk stories, is an area we explore and expand on daily. You will be the ‘go-to’ person for running risk reports using these systems, and we will ensure you get the training you need to do this.
- Supporting the development, maintenance and communication of the Policy set is an integral part of how the R&C team defines requirements for the group and you will be a leader in this area. Staying abreast of various industry best practice and regulatory requirements will be essential in ensuring these requirements are complete and accurate.
- Group Security work together as one team, so when someone else on the team needs us as a matter of priority, we provide the support they need. Not only does this help move the team forward together, it also provides exposure to various parts of the team which are not your primary area of responsibility (such as Cloud Security, Application Security, Incident response, Training and awareness, etc).
About the security team at Photobox Group
Photobox Group Security (GS) is a trusted, high-energy, empowered and proactive team. If you are looking for a place to make a difference, apply your security knowledge, learn a lot, be part of a highly productive team, and are able to work collaboratively with all parts of the business, this is the place for you.
We have a great culture, with a very horizontal structure. We expect you to be knowledgeable, trustworthy, empowered, friendly, focused and responsible.
Our mission is to secure the magic moments created by our customers, across all our brands. Our operating principles define what we focus on and how we make decisions.
We hold ourselves accountable against these principles.
- We are enablers for the organisation, not a bottleneck
- We drive transparency and accountability in risk management
- We minimise vulnerabilities
- We hack ourselves first
- We educate and empower our internal stakeholders and developers
- We contribute to adding financial value.
Requirements (About You)
- 3-6 years’ experience in Security, Technology or other.
- Practical experience of conducting information security audits, including compliance review of IT applications and infrastructure
- Strong knowledge of information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
- Sound understanding of privacy requirements (including GDPR)
- Strong working knowledge of the IT security aspects of IT infrastructure (network and servers) and services, including Cloud computing
- Strong influencing skills, able to deal with a broad range of stakeholders at all levels, in a confident and assured manner
- Ability to identify and articulate information security requirements, risks and issues in a simple manner, and make clear recommendations and decisions
- Excellent verbal and written communication skills
- A team player, able to establish strong working relationships with stakeholders, colleagues and business partners.
- Able to conduct the role with integrity and independence
A taste of what to expect as part of the team
- We’ve recently moved to an incredible new space in Farringdon, with loads of natural light, spaces to support our ways of working and great neighbourhood bars and restaurants
- Regular socials, engagement activities, drinks, treats and plenty more – and you can be involved as little or as much as you’d like
- We’re open & honest, actively listening to employee feedback to help us in our goal to become an awesome place to work
- Together we have shedloads of ambition and actively support each other to hit our goals and drive the business forward
- All sorts of Learning & Development support, including a dedicated budget per team
- 25 days Annual Leave (plus Bank Holidays)
- AXA Private Medical insurance
- Denplan Private dental insurance (Depending on Grade)
- Contributory pension scheme
- Life Assurance that pays out x4 salary
- Eye Care vouchers
- Interest free travel loan
- Cycle2Work scheme
- Generous credit to spend on our products (varies per brand)
About Photobox Group
Did you know we’re Europe’s leading retailer of personal and personalised products? Our family of brands – Photobox, Moonpig, Hofmann and PosterXXL – make millions of moments real for our customers around the world.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
- The Role: Risk & Compliance Manager
- Location: London
- Department: Technology, Security
- Employment type: Full-time