Security and Compliance Delivery Lead in City of London

About GSS

Hello. Welcome to GSS! We are a Network-Driven Managed Service transforming the global financial system with cutting-edge technology, including AI/Machine Learning and collaboration with top financial institutions. GSS will become the industry default for screening transactions for sanctions risk – through a consistent, standardised, and scalable model. Supported by regulators, trusted by the market. Join us in revolutionising the industry and making a real impact!

About the Role

This is a super exciting role because providing transformational technology to financial institutions, and in a highly regulated domain such as financial crime, requires top notch security and the participation of everyone at GSS. We are seeking a Security and Compliance Delivery Lead who knows how to drive security in depth and by design, from developer to end user and across people, process and tools. As a scaling business, we need to remain laser focussed on the cultivation of a security sensitive culture across the business.

This role requires a leader who will be risk orientated, pragmatic, with a good understanding of cloud technologies and experience of achieving world-class security in a frictionless and inclusive manner. You will understand that our people are the frontline for security and so process and tools are most effective when readily accepted and leveraged by everyone within the organisation.

What You’ll Do

The Security and Compliance Delivery Lead, alongside the CTO, is ultimately accountable for security and compliance with external certifications at GSS. Within this role, you will collaborate with your peers to drive platform, enterprise and application security along with ensuring compliance to standards such as ISO27001. You will lead a team that covers security operations, security engineering and compliance and driving a best-in-class security culture across the organisation.

• Strategic Leadership: In collaboration with the CTO, develop and execute a strategic security plan that aligns with our business objectives and regulatory requirements. Ensure the security strategy is adaptable to the evolving fintech landscape.
• Risk Management: Identify, assess, and prioritise information security risks. Implement risk management practices to mitigate potential threats and vulnerabilities. Support the business with the Risk Management Framework and risk meetings.
• Policy and Compliance: Establish and enforce policies, procedures, and standards. Ensure compliance with industry regulations (e.g. GDPR, CCPA, ISO27001 and SOC2) and internal policies. Manage the certification processes.
• Incident Response: Lead the development and execution of security incident response plans. Manage and coordinate responses to security breaches, including forensic analysis and remediation.
• Collaboration: Work closely with other GSS leaders, engineering and operations teams, and external partners to integrate security measures into all aspects of business operations. Foster a culture of security awareness and best practices throughout the organisation.
• Governance and Reporting: Oversee the governance of information security practices and ensure regular reporting to the executive team and board of directors. Present security metrics, risk assessments, and updates on security posture.
• Innovation and Improvement: Stay current with emerging threats, technologies, and trends in the cybersecurity landscape. Continuously assess and enhance our security architecture and practices.

Ideal Experience

• Experience: Proven experience (10+ years) in security, with at least 3 years in a leadership role. Experience in the fintech or financial services industry is highly desirable.
• Education & experience: Proven, demonstrable experience in computer science, information security, or a related field. A bachelor’s degree or professional certifications (e.g. CISSP, CISM, CISA) are advantageous.
• Technical Expertise: Deep knowledge of information security principles, frameworks, and best practices. Proficiency in cloud and security technologies, threat management, and risk assessment tools.
• Leadership Skills: Strong leadership and team management abilities. Excellent communication and interpersonal skills, with the ability to influence and collaborate across all levels of the organisation.
• Change management experience: Demonstrable experience of driving company wide participation in countering cyber risk.
• Analytical Skills: Exceptional analytical and problem-solving skills. Ability to assess complex security issues under pressure and provide clear, actionable recommendations.
• Adaptability: Ability to thrive in a fast-paced, dynamic environment. Demonstrated track record of managing change and adapting to new challenges.

What You Get in Return

• Impactful Work: Be part of a growing startup where your contributions make a real difference.
• Generous Leave: Enjoy 30 days of holiday (plus bank holidays).
• Comprehensive Benefits: Including a generous pension scheme, private medical insurance, and life assurance.
• Wellbeing Perks: Access to EAP, YuLife, holistic wellbeing programs, and a Virtual GP for your health and happiness.
• Flexibility: Hybrid working environment (we are open to remote working for some roles, please check with us at application) with a ‘work abroad’ policy for up to 4 weeks a year.
• Learning: Access to Udemy, a learning platform with thousands of top-rated courses to develop both tech and business skills.

Ready to revolutionise finance and have fun doing it? Join GSS where we live by our values: Respect, Ownership, Synergy, Efficiency. Come join us and take your career to new heights!

Diversity statement: We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to, among other things, race, religion, gender, sexual orientation, gender identity, national origin, age or disability.