Description

Curve was founded with a rebellious spirit and a lofty vision: to truly simplify your finances, so you can focus on what matters most in life. That's why Curve puts your finances simply at your fingertips, so you can make smart choices on how to spend, send, see and save your money. We help you control your financial life, so you can go out and live the life you want to live. With Curve you can spend from all your accounts, track spend behaviour and get insights, with security to protect you from fraud. For the first time, Curve gives you bright insights and control of all your money in one beautiful place.

We're developing a ground-breaking product with our customers at the core. Our user base is growing rapidly and we have exceptional metrics. We have funding from the leading names in tech investment, and a visionary leadership team who wants everyone who joins this remarkable adventure to have the autonomy to masterfully develop their expertise.

Welcome to Curve. On a mission to help you live inspired.

Role Purpose:

The mission for this role is to be responsible for all security compliance monitoring and assurance activities within Curve. The role reports to the VP, Engineering and will be key in leading regulatory, audit and supplier-based assessments and their remediation actions. The role will also be required to provide ongoing compliance reporting to senior management.

The role will create, deliver and operate a framework and supporting processes that will enable Curve to deliver continuous compliance for all InfoSec audit and risk-related matters. The role requires someone who has previously worked within a global team and has prior experience of working in a PCI/GDPR/DPA environment.

Key Accountabilities:

- Develop, maintain, review, and update information security policies
- Lead audit, attestation and assurance activities, ensuring all reviews are scoped accordingly and resulting actions are managed to resolution
- Develop reporting and measurements to demonstrate adherence to regulatory requirements
- Support the supplier onboarding and due diligence program by conducting 3rd party security risk assessments
- Assist with development and ongoing management of the security awareness program and InfoSec training
- Maintain the Information Security Risk Register and Information Security Context Register
- Report regularly to management on the status of assigned activities, including issues, risks and remediation actions

Requirements

- 2 years' experience in information security governance, risk and compliance (GRC) or security auditing
- Experience in establishing and operating a proactive and continual compliance programme, including PCI, ISO 27001 and SOC2 as a bonus
- Control mapping and gap analysis experience
- Experience with controls and compliance in cloud / SaaS environments
- Professional security certification preferred (e.g., CISA, CRISC, CISM)

Benefits

Curve Life:

- Competitive salary with employee share options package
- Free Curve Metal subscription for you and 1

Get Smarter:

- 10 days per year for training and conferences

Health and Wellbeing:

- Life insurance
- Global work abroad policy
- Health care cash plan
- Life coaching
- EAP services
- 24/7 GP access
- Annual subscriptions to Calm & FIIT for your mind and body
- Discounted gym membership
- Ride to work scheme
- Electric car scheme
- Discounted shopping vouchers
- Season ticket loan
- Bonus days off for your birthday, moving house and Christmas
- Six nights of Night Nanny for new parents