Manager, Security Governance Risk & Compliance in London

Manager, Security Governance Risk & Compliance in London

London Full-Time 80000 - 100000 £ / year (est.) Home office (partial)
BigCommerce

At a Glance

  • Tasks: Lead compliance programs and manage critical security audits across multiple business units.
  • Company: Join a forward-thinking company revolutionising commerce with AI-driven solutions.
  • Benefits: Competitive salary, inclusive culture, and opportunities for professional growth.
  • Other info: Dynamic team environment focused on innovation and collaboration.
  • Why this job: Shape the future of commerce while ensuring robust security and compliance.
  • Qualifications: 6-10 years in Information Security or GRC with strong audit program experience.

The predicted salary is between 80000 - 100000 £ per year.

Welcome to the Agentic Commerce Era. At Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI-driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever-changing market.

As a Manager of Security GRC, you will lead our compliance programs and serve as the strategic owner of our audit portfolio at Commerce. You will oversee our most critical certification and regulatory programs — including PCI DSS, SOC 2, ISO 27001, and other security audits — ensuring compliance is embedded into our business as usual (BAU) operations and that our control environment is continuously audit-ready across Commerce, Feedonomics, and Makeswift.

You will serve as the organizational bridge between Engineering, Infrastructure, Legal, Privacy, and external auditors, translating complex regulatory requirements into clear, executable programs. A core part of this role is working directly with control owners across all business units to ensure they understand their obligations, maintain evidence, and operate within the control framework. This role reports into our GRC function and leads a team of analysts responsible for audit success and control framework integrity.

What You'll Do:

  • Audit Ownership: Own the end-to-end lifecycle of Commerce's core audit programs — PCI DSS 4.0, SOC 2 Type 2, ISO 27001, and SOX — across Commerce, Feedonomics, and Makeswift, including scoping, evidence strategy, auditor management, and final report outcomes.
  • Control Owner Engagement: Partner with control owners across all three business units to ensure they understand their compliance obligations, maintain audit-ready evidence, and operate effectively within the BC Secure Controls Framework on an ongoing basis.
  • External Auditor Relationships: Serve as the primary point of contact for QSAs, external auditors, and certification bodies. Defend the control environment, manage audit timelines, and minimize disruption to technical teams.
  • Continuous Audit Readiness: Drive the operationalization of audit requirements into BAU workflows across all business units, reducing reliance on point-in-time evidence collection and eliminating audit fatigue organization-wide.
  • Findings & Remediation: Own the tracking and closure of audit findings and control gaps across Commerce, Feedonomics, and Makeswift. Partner with control owners to deliver pragmatic, risk-informed remediation plans within defined timelines.
  • PCI 4.0 Evolution: Direct the ongoing maturity of Commerce's PCI DSS 4.0 program, including Targeted Risk Analyses (TRAs), customized approach applicability, and annual assessment planning.
  • Scoping & Segmentation: Partner with Cloud Engineering to validate and maintain PCI scope across Commerce's global footprint, ensuring effective network segmentation and data flow isolation.
  • ISA Oversight: Manage and support ISA-designated personnel; ensure the ISA function operates with rigor and consistency aligned to PCI Council standards.
  • Integrated Controls Framework: Oversee Commerce's Secure Controls Framework (SCF), built from NIST, ISO 27001, and PCI DSS, ensuring controls are designed, tested, and documented to satisfy multiple regulatory obligations simultaneously across all business units.
  • Compliance by Design: Provide GRC leadership on architectural reviews, product launches, and infrastructure changes across Commerce, Feedonomics, and Makeswift to ensure regulatory requirements are addressed upstream — not as an afterthought.
  • Regulatory Intelligence: Stay ahead of emerging requirements across PCI, SOC, and ISO 27001:2022, translating regulatory changes into actionable program updates.

Who You Are:

  • Experience: 6–10 years in Information Security, IT Audit, or GRC, with demonstrated ownership of enterprise-level audit programs (PCI, SOC 2, ISO 27001, or SOX).
  • Audit Fluency: Proven track record managing Level 1 Service Provider assessments and navigating complex, multi-framework audit environments spanning multiple business units or legal entities.
  • Control Owner Partnership: Demonstrated ability to work cross-functionally with control owners and operational teams, holding stakeholders accountable to their compliance obligations while maintaining strong working relationships.
  • Regulatory Expertise: Deep working knowledge of PCI DSS 4.0, ISO 27001:2022, SOC 2 Trust Service Criteria, and SOX IT general controls.
  • Leadership Presence: Ability to influence and manage cross-functional stakeholders at all levels — from engineers to executives — with clarity, diplomacy, and conviction.
  • Communication: Skilled at translating compliance requirements into business-relevant language that drives enablement rather than friction.
  • Certification: PCI ISA, CISA, CISSP, or equivalent audit/security certification strongly preferred.
  • Big 4 Experience: Prior experience at a Big 4 advisory or audit firm (Deloitte, PwC, EY, KPMG) in an IT audit, risk advisory, or security compliance capacity is a strong plus.
  • Cloud Security: Experience applying GRC frameworks in cloud-native environments and familiarity with modern cloud security tooling.
  • You lead with the 'Why': You build compliance programs that improve security posture — not just check boxes. Your teams and control owners understand the intent behind every requirement.
  • Strategically Grounded, Technically Fluent: You can hold your own in a conversation about IAM policies or network segmentation, and you can turn that same conversation into an executive briefing.
  • Multi-Entity Mindset: You are comfortable operating across distinct business units with different tech stacks, cultures, and maturity levels — bringing consistency to the control framework without losing sight of context.
  • Calm Under Audit Pressure: You thrive in high-stakes audit cycles and know how to keep teams focused, organized, and confident when external scrutiny is highest.

Inclusion and Belonging: At Commerce, we believe that celebrating the unique histories, perspectives and abilities of every employee makes a difference for our company, our customers and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow and thrive.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at Commerce, please let us know during any of your interactions with our recruiting team.

Manager, Security Governance Risk & Compliance in London employer: BigCommerce

At Commerce, we pride ourselves on fostering a dynamic and inclusive work culture that empowers our employees to innovate and grow. As a leader in the AI-driven commerce ecosystem, we offer exceptional benefits, including competitive salaries, professional development opportunities, and a commitment to work-life balance, all within a collaborative environment that values diverse perspectives. Join us in shaping the future of commerce while enjoying the unique advantages of working in a forward-thinking company that prioritises your growth and well-being.

BigCommerce

Contact Details:

BigCommerce Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Manager, Security Governance Risk & Compliance in London

Join Compliance Communities

Get involved in compliance and risk communities — both online and offline. Look for forums, LinkedIn groups, or even local meetups where compliance pros hang out. You never know who might drop a job opportunity your way!

Attend Industry Conferences

Keep an eye out for compliance and risk management conferences and workshops in your area. These events are a goldmine for networking, and they often have job boards or recruiters on-site looking for new talent. Plus, it’s a chance to learn what's trending in the field.

Leverage Your University Career Services

If you’ve recently graduated or are still studying, head over to your university's career services. Many companies, including those in compliance, actively recruit fresh talent through these services, so make sure you tap into that resource.

Showcase Your Knowledge Online

Start writing articles or blog posts about compliance topics that interest you. Share them on platforms like LinkedIn to demonstrate your knowledge and passion. This not only builds your presence in the field but can also catch the attention of companies like BigCommerce looking for candidates who are engaged and informed.

We think you need these skills to ace Manager, Security Governance Risk & Compliance in London

Information Security
IT Audit
GRC (Governance, Risk, and Compliance)
PCI DSS 4.0
SOC 2
ISO 27001:2022
SOX IT General Controls

Some tips for your application 🫡

Show Your Understanding of Compliance:In the compliance-risk field, it's super important to showcase your understanding of regulations and risk management frameworks. Highlight any relevant coursework, certifications (like ICA or AML), or even projects that demonstrate your knowledge and commitment to this area. We want to see how you can navigate this complex landscape!

Quantify Your Achievements:When detailing your experience, try to quantify your achievements. For example, if you've previously worked on a project that improved compliance metrics or reduced risk exposure, give us the numbers! This data-driven approach really stands out to hiring managers in compliance-risk roles.

Tailor Your CV to Reflect Relevant Skills:Make sure your CV highlights skills that are particularly relevant to compliance, like attention to detail, analytical thinking, and report writing. Ensure these are easy to spot – consider using bullet points to break down your responsibilities and achievements for maximum impact!

Craft a Motivating Cover Letter:In your cover letter, let us know why you’re excited about the compliance-risk role at BigCommerce. Share what motivates you about compliance, and how you believe you can contribute to our mission. This is your chance to showcase not only your skills but also your passion for this important field!

How to prepare for a job interview at BigCommerce

Master the Regulations

Brush up on key compliance regulations relevant to the industry you're applying to. Familiarising yourself with specific laws and frameworks used in your field will give you an edge during technical questions. Show that you’re not just aware of them but can also apply them—think real-life scenarios!

Show Your Analytical Skills

Compliance roles really focus on analytical skills, so be prepared for case studies or situational questions during the interview. We've got to demonstrate how we approach risk assessments or compliance audits, possibly drawing on examples from past experiences or university projects. Bring some thoughtful case scenarios to discuss!

Know Your Tools

Get comfortable with commonly used compliance software and tools. Familiarity with platforms like RSA or MetricStream can really impress during your interview, as it shows you're ready to hit the ground running. If you’ve had any experience with them, make sure to highlight that!

Align with Company Culture

Since it's a full-time position, show your long-term commitment and interest in the company’s mission and values. Dive into how your ethics and professional philosophy align with BigCommerce’s stance on compliance. A shared vision can really resonate with interviewers looking for fit as much as skill!