Compliance Manager

The job in short

As an IT Governance, Risk and Compliance (GRC) Manager, you enable Backbase in conducting its business in full compliance with all relevant national and international laws and regulations. This also includes professional standards, accepted business practices, internal policy standards and IT Security frameworks such as SOC2, ISO27001 and PCI-DSS requirements. There is both an ethical component and a pragmatic approach to compliance that this role would require in helping the organization manage risk and build trust with its Customers. The IT GRC Manager must present a good understanding of the highly innovative and dynamic environment of a FinTech organization.

• Support design, implementation and management of IT Controls & Compliance Frameworks for an international organisation.
• Ensure compliance with industry best security practices within SaaS environments.
• Manage and coordinate customer and independent third-party attestations as part of contractual obligations and certification requirements.
• Support Third-Party Risk assessments and regular assurance program.
• Prior experience working with GRC tools and platforms.
• Ability to analyse and translate laws, regulations and technical requirements into commercially focused business processes.
• Ability to execute and report status on Risk Assessment and Risk Mitigation Program metrics.
• Proficient at maintaining policies and procedures as part of the Policy Governance Framework and coordinating that with other departments.

• Ability to integrate in an Agile/Scrum working environment to drive teams.
• Knowledge of multiple security and privacy frameworks, Third-party risk, outsourcing and banking regulations, etc.
• Knowledge of Secure-SDLC tooling and design.
• Knowledge of modern cloud technologies (AWS, Azure) and risks associated with Software-as-a-Service model.
• Knowledge of Open Banking / PSD2 is an added advantage.
• Knowledge of the requirements of ethics & compliance programs in international business.

• Proven ability to lead tactical compliance setup and operations.
• Subject Matter Expert with the ability to give concise and to-the-point compliance advice.
• Proactive & analytical program management approach.
• Strategic problem solver who can take issues and find practical business solutions.

• Internal & external stakeholder management.
• Collaboration and interaction with colleagues from all relevant departments, vendors, partners and customers.

• Minimum of 6-8 years of relevant working experience in the practical implementation of Compliance programs in an international environment.
• Bachelor’s degree required; Academic degree desired in the area of IT Security, Risk Management, Cyber Security, Information Security.
• Fluent English - written and spoken required (mandatory).
• Professional certifications (e.g. ISC2 or CompTIA certifications) desired or willingness to obtain them.
• Experience with managing in a functional way (not hierarchical).
• Ability to work with the latest tech stack (Latest Azure Services, Grafana, Elastic Cloud, Open Source tooling, Dependency Track, Trivy etc. - Security Tools).