3–4 days/week at home

Fully flexible hours

Dog friendly

Apply now

Job Description

Who we are:

At TrueLayer, we’re creating a payments network that better connects banks, businesses and everybody. And we’re going big. We’re taking on cards with a payment method that’s actually designed for the online, on-demand world we live in. Removing friction from the most crucial part of commerce: the payment.

To date, we’ve raised $270 million from world-renowned investors including Stripe, Tiger Global, Addition and Tencent. We’ve got offices in London, Milan and Dublin. And we’re trusted by industry leaders like Coinbase, Revolut and William Hill… though we’re not stopping here.

We’re on a mission to change the way the world pays, invests, shops and saves. To transform how people approach payments. To build a brand that redefines an entire industry — and we’d like your help to get us there. So what do you say?


Security is a core pillar across all of TrueLayer’s products. Building, maintaining and monitoring our security infrastructure, as well as championing best security practices across the business, they empower both their colleagues and our clients, and ensure the availability, stability and security of our platform.

The GRC function within the Security team supports compliance required for customers to be onboarded and drive revenue and therefore needs to grow to support the business growth. We’re looking for a GRC Specialist to join our existing team to shape and mature our Security GRC function and embed scalable processes.

As part of an ambitious team, you’ll be given hands-on exposure to the latest technologies and practices and entrusted with crucial responsibilities and decisions, playing a key part in securing our products as we continue to grow.

As our GRC Specialist, you will:

  • Be responsible for supporting the Security GRC Lead to ensure the effective day to day management of tasks and processes related to information security governance, risk and compliance.
  • Contributing to audit and attestation activities.
  • Supporting the management of the security risk register and related risk treatment plans which could involve designing compensating control and conducting exception reviews.
  • Supporting the development of the internal controls framework, linking information security risks to controls.
  • Support with a triage of all security GRC related queries from the business and escalate the GRC lead as necessary.
  • Completion of Security Due diligence requests.
  • Supplier Due diligence reviews.
  • Audit - There are several audits that happen throughout the year that are managed by the GRC and require time throughout the year to embed and monitor controls for ‘audit readiness’ and to maintain security practices.
  • These include but are not limited to:
    • SOC 2 Type 2
    • ISO 27001
    • Cyber Essentials
    • Cyber Essentials Plus
    • ISO 270011 Internal Audit
  • Regulatory reporting input
  • Supplier Due Diligence
  • Customer Due Diligence


Who you are:

  • Previous experience in a GRC role or similar capacity, preferably within the technology or financial services industry.
  • Demonstrated knowledge of information security governance, risk management, and compliance frameworks (e.g., ISO 27001, SOC 2, Cyber Essentials).
  • Experience in conducting audits and attestation activities, including familiarity with audit processes and methodologies.
  • Strong analytical skills with the ability to assess risks and develop effective risk mitigation strategies.
  • Excellent communication skills, both verbal and written, with the ability to interact effectively with stakeholders at all levels.
  • Detail-oriented with a focus on accuracy and precision in documentation and reporting.
  • Proficiency in project management, including the ability to prioritize tasks and manage multiple projects concurrently.
  • Familiarity with regulatory requirements relevant to the financial services industry (e.g., GDPR, PSD2) is desirable.
  • Ability to collaborate effectively within a team environment and contribute to a positive and inclusive workplace culture.
  • Willingness to learn and adapt to new technologies, processes, and industry developments.

We would be excited if you have:

  • Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field.
  • Understanding of NIST
  • A relevant certification (e.g., CISA, CISSP, CRISC) is a plus.


What you can expect from us:

  • Meaningful equity in the company 💰
  • Flexible hours and hybrid working - we offer a hybrid approach to work of 3 days per week remote working 🏡 and 2 days per week in our new offices in London 🇬🇧 Milan 🇮🇹 and Dublin 🇮🇪
  • Need to collect the kids from childcare? Love a workout in the gym first thing? No worries, we trust you to do your best work within our hybrid framework 🧘
  • A one-off remote-working budget to help you set up your home office 💺
  • 24 days holiday as standard ✈️ with flexible bank holidays, so you can take those days whenever you like 🌍
  • 12 fully-paid wellbeing days a year and your birthday off (on top of the holiday allowance) 🕊️
  • 2 volunteering days to support causes important to you
  • 90 day ‘work from abroad’ policy 👩‍💻☀️
  • Generous parental leave, above and beyond statutory requirements and with no minimum tenure 👪
  • Competitive pension contribution at 4% & 4% 🧓
  • Private health insurance from the day you start 🧑‍⚕️
  • Membership of mental wellbeing platform Spill and premium Calm subscription
  • A £1000 budget to spend on learning & development each year 📚
  • Free lunch from Just Eat 🥙 (If you choose to work from the office on Tuesdays, Wednesdays and Thursdays)

At TrueLayer, we don’t just do inclusion and diversity. We embrace people that have different opinions, perspectives and personalities. Because we believe that by seeing the world from all sorts of angles, we can make life better for all the people who live in it. We strongly encourage applications from underrepresented groups (e.g. people of colour, the LGBTQ+ community, people with disabilities, neurodivergent people, parents, carers, and people from all socio-economic backgrounds). If you’d like to discuss alternative working patterns, please let us know.

We will always aim to make appropriate adjustments to ensure we are fully inclusive to people with different needs during our interview process. So if you need us to make any adjustments to suit your individual needs please let us know - we’ll be happy to support you.

Company benefits

Open to part-time employees
Open to compressed hours
Enhanced maternity leave – above and beyond statutory requirements and with no minimum tenure
Enhanced paternity leave
Adoption leave
Work from anywhere scheme – max. 90 days a year as part of our hybrid work policy
24 days annual leave + bank holidays
Work from home allowance
Co-working space allowance
Pregnancy loss leave
Teambuilding days
Membership of mental wellbeing platform
Private health insurance from the day you start
12 fully-paid wellbeing days a year (on top of the holiday allowance)
£1,000 to spend on learning & development each year
Open up allowance - A £500/ quarter budget to visit colleagues and work from our offices in other countries
Employees are somewhat happy with their working location freedom
Employees are largely happy with the flexibility in the hours they work
Employees are largely happy with the benefits their company offers
Work-life balance
Employees feel that they can switch off quite easily from work
Role modelling
Employees feel flexible working is supported for some people
Employees feel that they can mostly manage how they get their own work done

Working at TrueLayer

Company employees


Gender diversity (male:female)


Office locations

UK, Italy, Ireland

Funding levels


Hiring Countries

United Kingdom

Awards & Achievements

Finance & Insurance

Finance & Insurance

Industry awards 2023
Most flexible companies

Most flexible companies

Flexa100 2023
Finance & Insurance

Finance & Insurance

Industry awards 2022

Other jobs you might like