Senior Manager: Governance, Risk and Compliance

• Lead, manage, and develop the GRC team, including hiring, coaching, performance management, and succession planning. Champion a culture where governance, risk and compliance are seen as business enablers, not blockers.
• Manage our control framework, covering ISO 27001, 22301, 9001, 14001, SOC2 Type 2, PCI DSS & CE+.
• Implement and manage ISO 42001 within the integrated management system, ensuring alignment with organisational objectives.
• Partner with our Cyber Security, IT, Product and Engineering Teams to ensure that information security governance and policies remain effective, aligned with risk appetite, and embedded into day-to-day operations.
• Own and mature the Vendor Risk Management (VRM) framework, including vendor criticality tiers, onboarding, due diligence, and ongoing monitoring.
• Manage and test Business Continuity Plans (BCPs) across critical business services, locations, and supporting technology.
• Own the enterprise risk management framework, methodology, and tools.
• Lead regular Information Security and AI Risk Board meetings, ensuring clear risk ownership, documented decisions, and timely follow-up on agreed actions.
• Use KPIs to monitor GRC process performance, drive continuous improvement, and evidence the value and maturity of the GRC function.
• Support the creation, enhancement, and maintenance of technical and procedural documentation (policies, standards, guidelines, and work instructions).

• At least 5+ years’ experience in the capacity of a GRC Manager/Senior GRC Analyst or a Lead Auditor is required.
• Certification in ISO 27001 and/or recognised IT governance and security certification such as CRISC, CISA, CISSP, etc.
• Experience implementing or managing Governance, Risk and Compliance (GRC) systems.
• Hands-on experience as an Internal Security Assessor for PCI DSS and leading or heavily supporting PCI DSS certification or assessments.
• Experience with NIS 2, AI governance / AI compliance, and other emerging regulatory frameworks, or clear capability to rapidly build this expertise.
• Demonstrated ability to assess and design internal controls for information security in enterprise or high-growth SaaS environments, including cloud-native architectures.
• Understanding of fundamental information security concepts and technology and have previous exposure to cloud technologies and cloud security.
• Superb English communication skills with the ability to interact effectively with multi-disciplinary teams.

• Online interview with the Senior Talent Partner.
• First stage video interview with the CISO and the Head of Cyber.
• Final stage video interview with the Chief Technology Officer and the CISO.

Be comfortable. Be you.

At Reward Gateway, we want all of our employees to feel comfortable bringing their passion, creativity and individuality to work. We value all cultures, backgrounds and experiences, as we truly believe that diversity drives innovation. Express yourself, join our community and help us Make the World a Better Place to Work.

We hire BETTER.

From perks to people, our BETTER approach to hiring earns us more trust, happier people and more world-class talent that help us to make the world a better place to work. Find out more about Reward Gateways approach to benefits, equality, talent, technology, empathy and what you’ll get in return for joining our Mission at rg.co/lifeatrg.

About Reward Gateway

Reward Gateway is culture and client driven. We’re obsessed with putting the “Human” in HR and are proud to have been 100% dedicated to HR for over a decade. Since 2007, we’ve been right by the side of the world’s most innovative HR people, giving them beautiful products and tools they can use to attract, engage and retain their people.

The world’s most successful companies treat their people differently. They generate stock market returns of twice their peers and they have half the employee turnover. 76% of CEOs recognize that employee engagement is vital to their success but only 24% say they have a highly engaged company. Bridging that engagement gap is what drives us.