Security GRC Manager

Company Description

Crown Agents Bank is a vastly growing and regulated UK bank that connects emerging and frontier markets to the rest of the world, using FX and payments technology. We are transforming the way payments and FX move through emerging markets, reducing friction so that more money gets to those who need it. Emerging markets payments are usually challenging, expensive, unreliable and opaque. Our solutions help fix these pain points. Ultimately, we connect traditionally hard-to-reach regions to global financial infrastructure, giving access to the best prices and the fastest, most reliable settlement.

FX and cross-border payments are often complex and expensive, especially when operating in emerging markets. Crown Agents Bank (CAB) wraps its deep and trusted relationships and strength of network around innovative digital capabilities, and cross-border transaction banking solutions to enable fintech, corporates, governments, development organisations and banks to move money to, from, and across often hard-to-reach markets.

Job Description

The Security GRC (Governance, Risk & Compliance) Manager will take the lead in developing, implementing, and continuously improving our global security governance, risk, and compliance programs. You’ll play a critical role in maintaining and achieving key security certifications, driving regulatory compliance across multiple regions, and enabling a strong security culture across the business. 

You’ll be joining a small, high-performing, and collaborative security team where your ideas, initiative, and hands-on mindset will make a real impact. If you’re an experienced GRC professional with a passion for innovation, a data-driven approach, and a proven track record in tech environments—this is the role for you. 

Responsibilities:

• Security Frameworks: Lead the management and continuous improvement of security frameworks such as ISO/IEC 27001, NIST CSF, and others as required. 

• Certifications & Audits: Oversee and drive certification and re-certification efforts for Cyber Essentials Plus, SOC 2 Type 2, and other relevant regional or industry-specific standards across EMEA, Americas and Asia. 

• Compliance & Regulation: Analyse global laws and regulatory requirements to ensure the business meets applicable security compliance obligations (e.g., EU GDPR, DORA, etc.). 

• Risk Management: Own and manage the security risk management program, including advanced risk assessments, vendor risk reviews, and mitigation planning. 

• Security Incidents: Collaborate with cross-functional teams on security incident coordination, response, root cause analysis, and continuous improvement efforts. 

• Stakeholder Reporting: Provide clear, data-driven reporting to senior stakeholders on GRC metrics, risks, controls, and compliance posture. 

• Awareness & Training: Design and deliver user training programs and security awareness initiatives to foster a strong security-first culture. 

• Customer Trust: Respond to customer assurance questionnaires, support sales and legal teams with RFPs and security-related queries. 

Qualifications

• 5+ years of hands-on experience in information security governance, risk, and compliance. 

• Deep experience leading and maintaining ISO 27001, NIST CSF, and SOC 2 Type 2 programs. 

• Proven track record with certification efforts like Cyber Essentials Plus and local/regional compliance standards across EMEA, Americas and Asia. 

• Strong understanding of international laws and regulations related to cybersecurity and data protection. 

• Expertise in ISMS management, internal/external audits, policy lifecycle management, and compliance monitoring. 

• Confident in conducting risk assessments, vendor reviews, and third-party due diligence. 

• Comfortable presenting to and influencing executive leadership. 

• Experience working in tech startups or global technology corporations is highly desirable. 

• A hands-on, innovative, and analytical mindset – you enjoy rolling up your sleeves and solving complex problems. 

• Excellent communication skills – written and verbal – with the ability to translate security language for different audiences. 

Certifications required:

• CISSP (Certified Information Systems Security Professional) 

• ISO 27001 Lead Implementer and/or Auditor certification 

Nice to have:

• Experience with security tools such as GRC platforms (e.g., Vanta, Drata, OneTrust) 

• Familiarity with regulatory frameworks like EU GDPR and DORA 

• Background in customer trust, sales enablement, or due diligence support 

Additional Information

• Hybrid working
• Contributory personal pension plan: - Minimum: Employee 2% and Employer 7%. Employer matches contributions in 1% increments to a maximum of: Employee 5% and Employer 10%
• Life Assurance – 4 times annual salary
• Group Income Protection
• Private Medical Insurance – this may include cover for partner and or children at company cost. Cover includes Optical, Dental and Audiology
• Discretionary Bonus
• Competitive Annual Leave
• 2 Volunteering Days
• Benefit Hub