Manager, Security Governance Risk & Compliance

Manager, Security Governance Risk & Compliance

Full-Time 80000 - 120000 £ / year (est.) No working from home possible
Commerce Software UK Ltd

At a Glance

  • Tasks: Lead compliance programs and manage critical security audits across multiple business units.
  • Company: Join a forward-thinking tech company driving innovation in the commerce ecosystem.
  • Benefits: Competitive salary, inclusive culture, and opportunities for professional growth.
  • Other info: Collaborative team atmosphere with a focus on continuous learning and development.
  • Why this job: Make a real impact by ensuring security and compliance in a dynamic environment.
  • Qualifications: 6-10 years in Information Security or GRC with strong audit program management skills.

The predicted salary is between 80000 - 120000 £ per year.

Welcome to the Agentic Commerce Era at Commerce, our mission is to empower businesses to innovate, grow, and thrive with our open, AI‑driven commerce ecosystem. As the parent company of BigCommerce, Feedonomics, and Makeswift, we connect the tools and systems that power growth, enabling businesses to unlock the full potential of their data, deliver seamless and personalized experiences across every channel, and adapt swiftly to an ever‑changing market. We believe in harnessing AI responsibly to unlock new possibilities, and we’re looking for individuals who use it intentionally to solve problems, accelerate outcomes, and expand what’s possible in their role. Our purpose is to help businesses confidently solve complex commerce challenges so they can build smarter, adapt faster, and grow on their own terms.

As a Manager of Security GRC you will lead our compliance programs and serve as the strategic owner of our audit portfolio at Commerce. You will oversee our most critical certification and regulatory programs — PCI DSS, SOC 2, ISO 27001, and other security audits — ensuring compliance is embedded into our business as usual (BAU) operations and that our control environment is continuously audit‑ready across Commerce, Feedonomics, and Makeswift. You will serve as the organizational bridge between Engineering, Infrastructure, Legal, Privacy, and external auditors, translating complex regulatory requirements into clear, executable programs. A core part of this role is working directly with control owners across all business units to ensure they understand their obligations, maintain evidence, and operate within the control framework. This role reports into our GRC function and leads a team of analysts responsible for audit success and control framework integrity.

What You’ll Do

  • Audit Ownership: Own the end‑to‑end lifecycle of Commerce’s core audit programs — PCI DSS 4.0, SOC 2 Type 2, ISO 27001, and SOX — across Commerce, Feedonomics, and Makeswift, including scoping, evidence strategy, auditor management, and final report outcomes.
  • Control Owner Engagement: Partner with control owners across all three business units to ensure they understand their compliance obligations, maintain audit‑ready evidence, and operate effectively within the BC Secure Controls Framework on an ongoing basis.
  • External Auditor Relationships: Serve as the primary point of contact for QSAs, external auditors, and certification bodies. Defend the control environment, manage audit timelines, and minimize disruption to technical teams.
  • Continuous Audit Readiness: Drive the operationalization of audit requirements into BAU workflows across all business units, reducing reliance on point‑in‑time evidence collection and eliminating audit fatigue organization wide.
  • Integrated Controls Framework: Oversee Commerce’s Secure Controls Framework, built from NIST, ISO 27001, and PCI DSS, ensuring controls are designed, tested, and documented to satisfy multiple regulatory obligations simultaneously across all business units.
  • Compliance by Design: Provide GRC leadership on architectural reviews, product launches, and infrastructure changes across Commerce, Feedonomics, and Makeswift to ensure regulatory requirements are addressed upstream — not as an afterthought.
  • Regulatory Intelligence: Stay ahead of emerging requirements across PCI, SOC, and ISO 27001:2022, translating regulatory changes into actionable program updates.

Who You Are

  • Experience: 6–10 years in Information Security, IT Audit, or GRC, with demonstrated ownership of enterprise‑level audit programs (PCI, SOC 2, ISO 27001, or SOX).
  • Audit Fluency: Proven track record managing Level 1 Service Provider assessments and navigating complex, multi‑framework audit environments spanning multiple business units or legal entities.
  • Control Owner Partnership: Demonstrated ability to work cross‑functionally with control owners and operational teams, holding stakeholders accountable to their compliance obligations while maintaining strong working relationships.
  • Regulatory Expertise: Deep working knowledge of PCI DSS 4.0, ISO 27001:2022, SOC 2 Trust Service Criteria, and SOX IT general controls.
  • Leadership Presence: Ability to influence and manage cross‑functional stakeholders at all levels — from engineers to executives — with clarity, diplomacy, and conviction.
  • Communication: Skilled at translating compliance requirements into business‑relevant language that drives enablement rather than friction.
  • Certification: PCI ISA, CISA, CISSP, or equivalent audit/security certification strongly preferred.
  • Big 4 Experience: Prior experience at a Big 4 advisory or audit firm (Deloitte, PwC, EY, KPMG) in an IT audit, risk advisory, or security compliance capacity is a strong plus.
  • Cloud Security: Experience applying GRC frameworks in cloud‑native environments and familiarity with modern cloud security tooling.

Benefits

US Pay Transparency Range: $112,870.00 – $169,306.00

Equal Opportunity Employer

At Commerce we believe that celebrating the unique histories, perspectives, and abilities of every employee makes a difference for our company, our customers, and our community. We are an equal opportunity employer and the inclusive atmosphere we build together will make room for every person to contribute, grow, and thrive. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the interview process, to perform essential job functions, and to receive other benefits and privileges of employment. If you need an accommodation in order to interview at Commerce, please let us know during any of your interactions with our recruiting team.

Manager, Security Governance Risk & Compliance employer: Commerce Software UK Ltd

At Commerce, we pride ourselves on being an exceptional employer that fosters a culture of innovation and collaboration. Our commitment to employee growth is evident through our comprehensive training programs and the opportunity to work with cutting-edge AI technologies in a dynamic environment. Located in a vibrant area, we offer competitive benefits and a supportive atmosphere where every team member can thrive and contribute to meaningful projects that empower businesses worldwide.

Commerce Software UK Ltd

Contact Details:

Commerce Software UK Ltd Recruitment Team

We think you need these skills to ace Manager, Security Governance Risk & Compliance

Information Security
IT Audit
GRC (Governance, Risk, and Compliance)
PCI DSS 4.0
SOC 2
ISO 27001:2022
SOX IT General Controls