1-2 days per week at home
A little flex time
At TrueLayer, security is at the foundation of our product. By championing the best security practices across the business, our Security team empower both their colleagues and our clients, and ensure the availability, stability and security of our API platforms.
We’re looking for a GRC Specialist to ensure the quality and direction of our security programme as we scale. They will be the point of contact in the business for security policy, audits (ISO 27001 and SOC 2), and developing and monitoring key security metrics across the business to enable effective decision-making on security.
We’ll give you the opportunity to get hands-on exposure to the latest technologies and practices and entrust you with crucial responsibilities, with a commitment to helping you develop new skills and advance in your career while you play a key part in our ambitious expansion.
Who we are:
At TrueLayer, we’re building a global open banking platform that’s changing how money moves and so much more. We make payments and refunds instant, account data accessible and verification seamless — all so innovators in every industry can build better financial experiences for their users.
To date, we’ve raised $270 million from world-renowned investors including Stripe, Tiger Global, Addition and Tencent. We’ve got offices in London, Milan, Dublin and Sydney. And we’re trusted by industry leaders like Revolut, Cazoo and Trading 212… though we’re not stopping here.
Our vision is a financial system that works for everyone. To make that happen, we’re creating original and innovative products that will remove the friction from finance for good. We’re seriously scaling our infrastructure, we’re entering new territories all the time, we’re cornering a whole new category — and we’d like your help to get us there.
As our GRC Specialist, you will:
- Maintain and create new security policies, procedures and standards
- Take ownership of the security assessment within our supplier onboarding process
- Work with our commercial team to assist with integral security due diligence for our clients throughout their lifecycle
- Ensure our documentation, controls and processes are ready for security audits, e.g. ISO 27001 and SOC 2
- Work closely with the risk and compliance team to ensure that key metrics are being monitored and processes followed
What we need from you:
- Experience developing or auditing a security program in line with standards and frameworks such as ISO 27001 or SOC 2
- Knowledge and experience of security auditing techniques
- A self-starter who can tackle critical projects with minimal supervision
- Can demonstrate exceptional communication skills, with a talent for conveying security concepts to colleagues of technical and non-technical backgrounds
- Passion for championing security best practices in a fast-growing, ambitious startup
Nice to haves:
- Experience working in information security in regulated businesses, ideally the FCA, CBI or ACCC;
- Relevant security qualifications, e.g. CISM, CISSP.
What you can expect from us:
- Competitive salary and meaningful equity in the company 💰
- Flexible hours and hybrid working — work from home 🏡 and our incredible offices in London 🇬🇧 Milan 🇮🇹 Sydney 🇦🇺 and Dublin 🇮🇪
- A remote-working budget to help set up your home office 💺
- Flexible holiday policy, with 24 days as standard ✈️
- Generous parental leave, above and beyond statutory requirements and with no minimum tenure 👩‍👩‍👦
- Enhanced pension contribution at 4% & 4% 👵🏽 👴🏽
- Private Health Insurance from the day you start 🧑🏽‍⚕️
- 12 fully-paid Wellbeing Days a year (on top of the holiday allowance) 🕊️
- Membership of mental wellbeing platform Spill 🧘🏽‍♀️
- £1,000 to spend on learning & development each year 📚
- £500 per quarter (outside of required business travel) to visit our hub cities around the world 🌎
Inclusion & Diversity
At TrueLayer, we don’t just do inclusion and diversity. We embrace people that have different opinions, perspectives and personalities. Because we believe that by seeing the world from all sorts of angles, we can make life better for all the people who live in it. So we want you to know that the things that make you, you — like your age, ability, background and identity — are things that we celebrate and support. All we ask is that you believe in what you do (and know what an API is).