GRC Manager

A full-time remote role in United Kingdom

We’re proud to be trusted by some of the largest companies in the world to handle their Salesforce DevOps. Underpinning that trust is a commitment to protect their data through our modern approach to security and compliance, and this is only getting more important as we grow our customer base in increasingly regulated sectors.

This is a fantastic opportunity to progress your career in security and compliance within the tech sector. This role will provide you with exposure to several key areas including information security, data protection, general compliance, audits and relevant project work. There’ll be lots of opportunity to progress within the role and specialise within a certain area of the business in the future.

What’s the opportunity at Gearset?

    • Own our security and compliance documentation, such as policies, procedures, and support documentation across our information security and compliance programs, keeping it accurate and up to date.
    • Support our commercial teams in complex information security and compliance negotiations, while making sure we respond accurately and within given timescales.
    • Take ownership of maintaining our current ISO 27001 compliance and certification through continuous improvement activities, as well as supporting preparation for internal and external audits.
    • Own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, and CCPA.
    • Gain experience in the implementation and ownership of additional compliance-based projects as we increase the international regulations and standards we comply with.
    • Help us work efficiently by identifying common deal blockers and standardising documentation and processes.

What you’ll achieve

    • You’ll build on your prior experience from a GRC or an information security role, within a technology company, to support our ambitious company growth plans.
    • You’ll become a technical expert on the company and our products to streamline customer onboarding, and security and compliance reviews.
    • You’ll own reviewing and responding to our complex customer security and compliance requests.
    • You’ll have ownership of compliance and reporting to the international information security standard ISO 27001, to ensure Gearset retains our certification and continues to provide the highest level of protection to our customers’ data.
    • You’ll own our internal Data Protection compliance program and make sure we comply with various regulations globally including UK GDPR, EU GDPR, CCPA.
    • You’ll manage our third-party supplier risk program.
    • You’ll work as part of the compliance project team when implementing new regulations or standards such as NIST, FedRAMP etc.
    • You’ll have the opportunity to get certified to international standards on Information Security, Compliance, Risk, Data Protection or Cyber Security.

About you

    • Have been in an information security or GRC role, within a technology company, and hold either an ISO 27001 Lead Implementer or Lead Auditor certificate.
    • Have in-depth knowledge of ISO 27001 standards and proven experience in implementing ISO 27001 and maintaining the certification, along with knowledge of general compliance requirements such as Modern Slavery, AML, Bribery etc.
    • Have a track record of owning internal compliance with global data protection laws including GDPR and CCPA.
    • Have an understanding of AWS Cloud infrastructure and application security.
    • Possess a technical predisposition, the desire to learn and the ability to react to the needs of a rapidly growing company, e.g. being comfortable working in an ever-changing environment.
    • Are an excellent communicator, with attention to detail and a passion for always delivering a great customer experience.

Great to haves

    • A degree in Computer Science, Information Security, Cybersecurity, or a closely related discipline such as Data Protection, Information Governance or Risk.
    • A recognised Information Security qualification such as CISSP, CompTIA Security+ etc.
    • Past exposure to other regulations or frameworks such as NIST, HIPAA, FedRAMP, DORA
    • Knowledge of DevOps and DevSecOps

Benefits (the stuff you’d expect!)

    • This is a full-time opportunity, working Monday to Friday remotely within the UK.
    • Opportunity to join our Long Term Incentive scheme
    • Generous personal development budget of up to £1500 per year for courses, conferences, or whatever is useful to your professional development in the role
    • Top end hardware provided
    • Free lunch any day you are in the office
    • BUPA health care
    • Life Insurance & critical illness cover
    • Discounted gym membership, as well as a range of health and wellness benefits

About us

Gearset is the leading Salesforce DevOps platform trusted by more than 3,500 companies around the globe, including McKesson and IBM. We’ve the fast-paced, exciting environment of a startup, with the success and ambition of a scaleup, with offices in Belfast, London, and Chicago, alongside our Cambridge (UK) HQ.

We’re proud of our unique culture built on trust, collaboration, transparency, and teamwork, allowing us to have a feedback-driven culture that keeps us focused on delivering the best solution for our customers.

Alongside our Glassdoor score of 5/5, and customer G2 scores of 4.7/5, we hold three awards from Best Companies UK: Top 5 Best Company to work for in the East of England, UK Top 5 Best Mid-sized Company, and Top 5 Best Technology Company to work for in the whole of the UK.

Sound right for you?

We’re committed to creating an inclusive environment. So if you think you have something special to offer, or you’ve got great experience but don’t match every requirement, we’d still encourage you to apply!