Information Security Risk Manager

Risk – IT Risk
Full Time
Hello there. We’re Zopa, the Feel Good Money company.
In 2005 we built the first ever peer-to-peer lending company to give people access to simpler, better-value loans and investments. Since then we’ve helped hundreds of thousands of customers take the stress out of money by building our business on honesty, transparency and trust.

It works so well that we want to give our customers access to other great products and tools, empowering them to better manage their money. That’s why, in December 2018, we launched a different type of bank, allowing us to bring a greater range of smart finance products to even more people.

Reporting into the Head of IT Risk, this role will coordinate Information Security Risk Management activities, including ownership of scheduled reviews. This is an exciting opportunity to join the IT risk management function as Zopa prepares to launch its banking activity.
The role’s core responsibility is to report on and test the effectiveness of Information Technology and Security risks across Zopa, as a second line of defense function.

Setting policy and control objectives:

    • Building strong business partnerships with first line functions to advise and challenge on projects and initiatives across the business where there are technology risks
    • Ensuring that the IT Risk framework is embedded in the business
    • Ongoing maintenance of Information Security policies; ensuring adherence and compliance with regulatory requirements
    • Monitoring Information Security Risks to ensure that key risks are identified, and appropriate mitigating actions or controls are in place
    • Oversight of significant IT changes which could create incremental risk exposure

Risk identification, assessment and evaluation:

    • Identifying current and emerging information security risks
    • Assessing the effectiveness of policy and control implementation by the business
    • Assessing the effectiveness of Business Continuity and Disaster Recovery Plans from a technology perspective

Information Technology control monitoring:

    • Oversight of controls effectiveness testing for all IT, InfoSec and Privacy teams to confirm whether the controls are still relevant and sufficient to meet Zopa policies and relevant standards, e.g. ISO/IEC 27001, ISAE 3402 and GDPR
    • Recommending control enhancements to ensure risks remain within our appetite

About you:

    • Strong experience as an Information Security risk specialist, or information technology auditor
    • Experience in Information Technology functions
    • Good knowledge of working alongside development teams, in an agile software development (SDLC) environment
    • Knowledge of industry frameworks such as ISO 27001 (preferred), ISO 27005, PCI DSS, ISAE 3402
    • Stakeholder engagement and influence – ability to identify and manage key stakeholders and department heads, building rapport and constructive relationships
    • Provide thought leadership in information technology, security and emerging risks, and contribute to the ongoing development of the firm’s Cyber Resilience strategy
    • Comfortable making the transition from IT/Security into a second-line (2LoD) oversight role
    • Open to learning how DevOps operates and to implementing a risk management framework in an agile, fast-paced environment

Zopa is proud to offer a workplace free from discrimination. Diversity of experience, perspectives, and backgrounds leads to great products and unique company culture. We simply can’t expect to empower our customers to better manage their money without challenging the current status quo. Creating the best place for money is no easy task, which is why we need talent from all walks of life.