top 3 scores:
Autonomy
Benefits
Hours flexibility
Job Description
Who we are:
At TrueLayer, we’re creating a payments network that better connects banks, businesses and everybody. And we’re going big. We’re taking on cards with a payment method that’s actually designed for the online, on-demand world we live in. Removing friction from the most crucial part of commerce: the payment.
To date, we’ve raised $270 million from world-renowned investors including Stripe, Tiger Global, Addition and Tencent. We’ve got offices in London, Milan and Dublin. And we’re trusted by industry leaders like Coinbase, Revolut and William Hill… though we’re not stopping here.
We’re on a mission to change the way the world pays, invests, shops and saves. To transform how people approach payments. To build a brand that redefines an entire industry — and we’d like your help to get us there. So what do you say?
Description
Security is a core pillar across all of TrueLayer’s products. Building, maintaining and monitoring our security infrastructure, as well as championing best security practices across the business, they empower both their colleagues and our clients and ensure the availability, stability and security of our platform.
The GRC function within the Security team supports compliance required for customers to be onboarded and drive revenue and therefore needs to grow to support the business growth. We’re looking for a GRC Specialist to join our existing team to shape and mature our Security GRC function and embed scalable processes.
As part of an ambitious team, you’ll be given hands-on exposure to the latest technologies and practices and entrusted with crucial responsibilities and decisions, playing a key part in securing our products as we continue to grow.
As our GRC Specialist, you will:
- Be responsible for supporting the Security GRC Lead to ensure the effective day to day management of tasks and processes related to information security governance, risk and compliance.
- Contributing to audit and attestation activities.
- Supporting the management of the security risk register and related risk treatment plans which could involve designing compensating control and conducting exception reviews.
- Supporting the development of the internal controls framework, linking information security risks to controls.
- Support with a triage of all security GRC related queries from the business and escalate the GRC lead as necessary.
- Completion of Security Due diligence requests.
- Supplier Due diligence reviews.
- Audit - There are several audits that happen throughout the year that are managed by the GRC and require time throughout the year to embed and monitor controls for ‘audit readiness’ and to maintain security practices.
- These include but are not limited to:
- SOC 2 Type 2
- ISO 27001
- Cyber Essentials
- Cyber Essentials Plus
- ISO 270011 Internal Audit
- Regulatory reporting input
- Supplier Due Diligence
- Customer Due Diligence
Requirements
Who you are:
- Previous experience in a GRC role or similar capacity, preferably within the technology or financial services industry.
- Demonstrated knowledge of information security governance, risk management, and compliance frameworks (e.g., ISO 27001, SOC 2, Cyber Essentials).
- Experience in conducting audits and attestation activities, including familiarity with audit processes and methodologies.
- Strong analytical skills with the ability to assess risks and develop effective risk mitigation strategies.
- Excellent communication skills, both verbal and written, with the ability to interact effectively with stakeholders at all levels.
- Detail-oriented with a focus on accuracy and precision in documentation and reporting.
- Proficiency in project management, including the ability to prioritize tasks and manage multiple projects concurrently.
- Familiarity with regulatory requirements relevant to the financial services industry (e.g., GDPR, PSD2) is desirable.
- Ability to collaborate effectively within a team environment and contribute to a positive and inclusive workplace culture.
- Willingness to learn and adapt to new technologies, processes, and industry developments.
We would be really excited if you have:
- Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field.
- Understanding of NIST
- A relevant certification (e.g., CISA, CISSP, CRISC) is a plus.
Don’t meet all the requirements?
Multiple studies have shown that women and people of underrepresented groups are sometimes less likely to apply to jobs unless they meet every single requirement. At Truelayer, we are committed to building a diverse workforce, so if you are excited about this role and have the essential skills, but not the entire checklist - we’d still love to hear from you!
Benefits
What you can expect from us:
- Meaningful equity in the company 💰
- Flexible hours and hybrid working — work from home 🏡 3 days a week and our incredible offices 2 days a week in London 🇬🇧Milan 🇮🇹 and Dublin 🇮🇪
- Need to collect the kids from childcare? Love a workout in the gym first thing? No worries, we trust you to do your best work within our hybrid framework 🧘
- A one-off remote-working budget to help you set up your home office 💺
- 24 days holiday as standard ✈️ with flexible bank holidays, so you can take those days whenever you like 🌍
- 12 fully-paid wellbeing days a year and your birthday off (on top of the holiday allowance) 🕊️
- 2 volunteering days to support causes important to you
- 90 day ‘work from abroad’ policy 👩💻☀️
- Generous parental leave, above and beyond statutory requirements and with no minimum tenure 👪
- Competitive pension contribution at 4% & 4% 🧓
- Private health insurance from the day you start 🧑⚕️
- Membership of mental wellbeing platform Spill and premium Calm subscription
- A £1000 budget to spend on learning & development each year 📚
- Free lunch from Just Eat 🥙 (If you choose to work from the office on Tuesdays, Wednesdays and Thursdays)
At TrueLayer, we don’t just do inclusion and diversity. We embrace people that have different opinions, perspectives and personalities. Because we believe that by seeing the world from all sorts of angles, we can make life better for all the people who live in it. We strongly encourage applications from underrepresented groups (e.g. people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from all socio-economic backgrounds). If you’d like to discuss alternative working patterns, please let us know.
We will always aim to make appropriate adjustments to ensure we are fully inclusive to people with different needs during our interview process. So if you need us to make any adjustments to suit your individual needs please let us know - we’ll be happy to support you.
Company benefits
We asked employees of TrueLayer what it's like to work there, and this is what they told us.
Working at TrueLayer
Company employees
Gender diversity (male:female)
Office locations
Funding levels
Hiring Countries
Ireland
Italy
United Kingdom
Awards & Achievements
Other jobs you might like
Overall FlexScore®
Associate Director Cybersecurity and Technology Audit
Basking Ridge, New Jersey | Lake Mary, Florida | Alpharetta, Georgia
26 Sept
Overall FlexScore®