Information Security & Compliance Manager
Are you ready to lead InfoSec and Compliance for the number one FinTech to watch in 2018?
Do you bring extensive and relevant experience of leading ISO 27001 and PCI DSS certifications?
If so, then we'd love to speak to you.
From our Tom Dixon designed HQ, Divido (http://divido.com/)
Divido is a technology platform for retailers, banks and payment companies that want to offer end-consumers the option to pay for anything in monthly instalments, in-store and online. Retailers that offer instant finance at the point of sale attract more customers, increase average order values and increase conversion rates.
Instalment credit is a €500bn global industry and Divido’s clients include brands like BMW, Lenovo and HTC. Last year, company revenue grew by over 450% and Google named the firm one of the ten best tech businesses in Europe. This year, Divido is expanding to the US, Australia, Germany, France, Spain, Italy and the Nordics – making it the largest platform for consumer finance in the world.
Divido is owned by Mastercard and American Express as well as the investors behind businesses like iZettle, TransferWise and Revolut.
We have a great product, and a great team, but don't take our word for it. Check out our reviews!
From Consumers, via TrustPilot: https://goo.gl/VSwZhL
From Clients, BMW Case Study (Video): https://goo.gl/7x3kmp
From Employees, via Glassdoor: https://goo.gl/X41Ym2
About the role:
As the Information Security (InfoSec) Compliance Manager, reporting into the Head of Delivery and bringing expert knowledge of ISO 27001 and PCI DSS (including latest versions), you will guide and drive the information security and data protection compliance strategy along with managing day-to-day compliance activities.
You will be responsible for:
- Working and liaising with internal stakeholders (IT, business operations, legal) and external stakeholders (industry bodies, lenders, merchants/client retailers, payment service providers and card schemes) as needed to complete ISO 27001 and PCI DSS certifications
- Working closely and building awareness with IT department on application and network security requirements
- Implementing enterprise processes required by GDPR, ISO 27001 and PCI DSS certifications
- Leading the organisational change required to maintain compliance and improve performance; taking point for remediation of information security and data protection audit findings
- Designing and delivering training to Divido staff worldwide with an aim to instil information security and data protection practices
- Responding to and managing data privacy, information security, and freedom of information queries/questionnaires from external stakeholders
- Coordinating responses/undertaking investigations in relation to any data privacy/security incidents as part of an overall Security Incident Management Process, including where appropriate self-reporting under the GDPR within stipulated timeframes
- Being the Divido subject-matter expert, keeping abreast of changes in the standards, relevant legislation, and industry best practice; making adjustments to Divido processes to keep in line with recent changes and best practice
- Monitoring and improving the supplier compliance framework, including review of new and existing suppliers
- Proven background working in delivery and audit-focused roles
- Proven experience of identifying gaps in compliance and implementing a company-wide compliance strategy
- First-hand experience with implementation of ISO 27001 and PCI DSS certifications
- First-hand experience managing compliance programs related to above certifications and GDPR
- Experience in managing and supporting multiple implementations for large organisations
- A basic understanding of IT principles including ITIL, hardware and software architecture, SDLC, operating systems and administration, networking technologies, virtualisation, shared storage, cloud and mobile technologies
- Varied technical background with experience in different network, application development, architecture, and security infrastructure technologies