At Engine by Starling, we are on a mission to find and work with leading banks around the world who aim to build rapid growth businesses using our technology.
Engine is Starling's SaaS business, built to power Starling Bank, which became a separate entity two years ago. Our platform enables banks globally to benefit from innovative digital features and efficient back-office processes that contributed to Starling's success.
As an engineering-led company, we expect everyone to contribute to delivering great outcomes for our clients. We are seeking someone excited by the potential of Engine's technology to transform banking markets worldwide.
Hybrid Working
We adopt a hybrid approach, preferring team members to be within a commutable distance of our offices for in-person collaboration.
About The Role
You will help maintain and mature our governance, risk, and compliance program, ensuring adherence to security standards and regulations, and building trust with clients and stakeholders. This hands-on role involves engaging with stakeholders across the business.
What you'll get to do:
* Compliance Management: Support daily management of compliance programs, focusing on ISO 27001, SOC 2, and PCI DSS/3DS.
* Audit Support: Act as a key liaison for auditors, gather evidence, prepare for audits, and track remediation of findings.
* Risk Management: Participate in risk assessments, identify and analyze security risks, and develop risk treatment plans.
* Policy & Procedure Maintenance: Develop and update security policies, standards, and procedures.
* Evidence Collection & Review: Automate evidence collection to ensure audit readiness.
* Cross-Functional Collaboration: Work with Engineering, Product, and Security teams to embed security controls.
* Identify opportunities for continuous improvement of our GRC processes.
Requirements
Essential
* At least 3 years of experience in information security.
* Experience supporting compliance efforts for ISO 27001, SOC 2, and PCI DSS.
* Strong skills in security metrics and reporting.
* Experience with audit processes and evidence collection.
* Proactive, organized, and detail-oriented work approach.
* GRC software experience is a plus.
Desired qualifications: If you have some of these, that's great!
* CompTIA Security+
* CISA
* CRISC
* CISSP
Our interview process is conversational, allowing you to get to know us and vice versa. Expect the following stages:
* Stage 1 - 45 mins with BISO
* Stage 2 - 60 mins with team members
* Stage 3 - Final interview with CTO
Benefits
* 33 days holiday, including public holidays.
* Extra day off for your birthday.
* Holiday entitlement increases with service; options to buy or sell days.
* 16 hours paid volunteering annually.
* Salary sacrifice, pension scheme, life insurance, income protection.
* Private Medical Insurance with mental health and cancer support.
* Family-friendly policies, referral incentives, Perkbox discounts, wellness programs, and more.
About Us
We welcome applicants who may not meet every requirement but are passionate about joining us. We value diversity and inclusion and are committed to equal opportunity employment. By applying, you consent to our data processing as detailed in our Privacy Notice.