Manager_Info Security Governance Risk & Compliance (£60-£70K)

TN United Kingdom
United Kingdom
Remote
GBP 60,000 - 90,000
Yesterday
Job description

Title: Manager, Information Security, Governance, Risk and Compliance

Location: Remote, UK

About PSI

We are PSI Services. We power world-leading tests, supported by trusted science and the best test-taker experience. We help test-takers pursue their dreams and gain important certifications. Our core purpose is to empower people to achieve their dreams by providing top workforce solutions that combine technology and science.

We seek top talent to join our team, fostering a creative, supportive, and inclusive culture that empowers employees to be their authentic selves and utilize their talents.

At PSI, we are committed to diversity, equity, and inclusion, which are integral to our culture and employee lifecycle.

About the Role

This managerial role leads activities related to quality, environment, risk, data security, privacy, and compliance, ensuring adherence to ISO, PCI, and other industry standards. The goal is to provide assurances to stakeholders about our commitment to data security and privacy.

This is a full-time, permanent position, Monday to Friday, with flexible hours around 0900-1700. The role provides leadership to the Information Security and Compliance Analyst, reporting to the Director of Information Security, Governance, Risk and Compliance. It can be performed remotely, with occasional travel for audits.

Role Responsibilities

  1. Design and deploy the security GRC framework as the main point of contact.
  2. Maintain an integrated end-to-end security GRC framework in partnership with all team members.
  3. Manage security policies, standards, procedures, and guidelines, including handling exceptions.
  4. Ensure controls are effective and policies are kept up to date with changing business and IT environments.
  5. Ensure compliance with client, regulatory, and internal requirements cost-effectively.
  6. Automate and streamline security GRC processes.
  7. Provide multi-level reports to stakeholders, including executives, clients, and regulators.
  8. Manage security assessments and coordinate with external consultants and auditors.
  9. Build cross-disciplinary partnerships to align the security GRC program with business objectives.
  10. Oversee internal and external audits, maintaining certifications like ISO27001, ISO22301, ISO9001, ISO14001, and SOC2 Type 2.
  11. Maintain and develop risk management programs for entity and third-party risks.
  12. Educate staff on security threats, risks, policies, and best practices.
  13. Contribute to operational reporting and analyze security trends to identify risks and improve controls.
  14. Manage security violations, infractions, and exceptions.
  15. Prepare plans for security reviews, audits, and compliance tasks.