Pluxee helps companies attract, engage, and retain talent thanks to a broad range of solutions across Meal & Food, Wellbeing, Lifestyle, Reward & Recognition, and Public Benefits.
Conducting its business as a trusted partner for more than 45 years, Pluxee is committed to creating a positive impact on all its stakeholders, from driving business to local communities, to supporting wellbeing at work for employees while protecting the planet.
The IT Compliance and Risk Manager is responsible for developing, implementing and overseeing the organisation's IT compliance and risk management programmes, with a strong focus on maintaining the ISO 27001 and ISO 9001 certifications.
The role ensures that IT security and operations align with global Pluxee policies & procedures as well as regulatory, legal, GDPR and industry standards while mitigating risks and enhancing overall posture.
Respond to client Information Security tenders and questionnaires, establish and maintain a central repository of documentation available for Sales and Planning Team access.
Lead and manage the organisation's ISO certification and surveillance audit processes.
Develop and maintain policies, procedures and documentation to align with ISO and Global Pluxee standards.
Identify, assess and prioritise IT risk across platforms & services, processes and projects, and take appropriate actions to drive to closure.
Conduct regular risk assessments for core platforms, services and vendors.
Ensure compliance with GDPR, NIST, etc.
Serve as a subject-matter expert for IT compliance questions.
Develop and enforce IT policies and procedures that support compliance and risk objectives.
Respond to client Information Security tenders and questionnaires.
Conduct training and awareness programmes.
Maintain ISO certification and promote the standards within the business.
Quarterly reporting to SLT on compliance status and IT risk posture.
Define an annual roadmap for IT risk management and mitigations aligned to UK Portfolio, Information Security and Business Risk Roadmaps.
PLX UK holds ISO27001 (Information Security Management System) and 9001 (Quality Management System) certifications and already has a traditional framework for risk management.
Globally, as Pluxee expands its governance to encompass local entities, alignment of local policy and methodology is key.
Customer focus - Building strong customer relationships and delivering customer-centric solutions.
Collaborates - Building partnerships and working collaboratively with others to meet shared objectives.
5+ years in information security or IT risk management.
CRISC (Certified in Risk and Information Systems Control) would be a distinct advantage.
Experience and knowledge of ISO27001 (Information Security Management System) and ISO 9001 (Quality Management System), ideally to Management Representative level.
Knowledge of GDPR (General Data Protection Regulation) rules and obligations.
Good knowledge of Information Security tools, techniques and processes.
Good knowledge of Business Continuity strategy and planning.
Internal audit experience is an advantage.
Manage relationships and organise annual external audits to maintain certification.
Video call Discussion with TA Partner
Video call Discussion with Hiring Manager
Video call Discussion with Hiring Manager & Tech Panel.
Video call Discussion with HRBP
IT Team
Help us build the future of employee benefits by bringing to life sustainable and personalized experiences and contribute to make a real impact on millions of lives. Our business model delivers not just for individuals but their communities too, by supporting local businesses and economies.
2) A great culture: We respect and care authentically about our people, we embrace wellbeing and work-life balance, new ideas and we have a lot of fun!
At Pluxee we proudly embrace diversity and value the uniqueness of our talents, fostering an inclusive workplace where all abilities are celebrated, and equal learning and growing opportunities are a given.