Manager - Info Security & GRC (£60-£70K)

Title: Manager - Information Security, Governance, Risk and Compliance (£60-£70K)Location: Remote, UKAbout PSI We are PSI Services. We power world leading tests. Delivered with trusted science and the very best test taker experience. PSI supports test-takers on their journey to pursuing dreams and gaining certifications that are important to them. They believe that their dreams are worth working for; that their dreams are worth the effort. And we believe that too. This is our core purpose, to empower people to achieve their dreams. We do this by being the best provider of workforce solutions, which foster both technology and science to deliver the best solutions for our test takers. We are searching for top talent to join our PSI team and help grow our products and services. We have a creative, supportive and inclusive culture where we empower people in their careers to be their authentic self and make the most of their great talent.At PSI, we are committed to helping people meet their potential and we believe that promoting diversity, equity and inclusion is critical to our success. That’s why you’ll find these ideals are intrinsic to our company culture and applied throughout the employee lifecycle. Learn more about what we do at: the RoleThe Manager of Information Security, Governance, Risk and Compliance role drives activities related quality, environment, risk, data security, privacy and compliance, with the aim of enabling Lifelong Learner and its subsidiaries to comply with ISO, PCI and other industry standard frameworks. The purpose of this role is to ultimately help provide assurances to our stakeholders that our organizations take the security and privacy of data seriously.This is a full time, permanent position, Monday to Friday with flexible hours around a standard 0900-#####. This is a managerial role providing leadership to the role of Information Security and Compliance Analyst, and reports to the Director of Information Security, Governance, Risk and Compliance. The role can be performed remotely, with occasional travel to offices and test centres required to support with audits.Role ResponsibilitiesAct as the main point of contact for the design and deployment of the security GRC frameworkPartner with all team members to maintain an integrated end-to-end security GRC framework to provide a "one-stop shop" shop for all security activities and controlsManage all security policies, standards, procedures, and guideline, and any related GRC issues with stakeholders including the management of exceptions to policies and standardsEnsure controls are in place and working as they shouldEnsure policies, standards, procedures, and guidelines are updated to reflect changes in the business and IT environmentEnsure clients, regulatory, and internal requirements are being met consistently and cost-effectivelyAutomate and streamline all processes related to managing the security GRC frameworkProvide multi-level reporting to all stakeholders in the company: Executives, clients, business leads, IT leads, audit and regulatory representativesManage all security assessments required internally or externally including the consulting firms and/or contractors engaged to support such assessmentsBuild partnerships across the organization in all disciplines: audit, legal, information technology, financial management, business operations, sales and marketing, corporate communications, etc. to ensure the security GRC program is aligned with business objectives and requirementsManage internal and external audit activity. PSI is currently certified for ISO27001, ISO22301, ISO9001, ISO14001, SOC2 Type 2Maintain and develop the Risk management program for Entity level and Third party risksEducate end-users and IT staff in security threats, risks, policies, and security best practicesContribute to the design and implementation of an operational reporting framework that will provide regular metrics and statistics about our business and IT environment; analyze trends in security events, activities, etc. to better understand risks, insufficiencies in our solutions, staffing shortages, etc.; report security metrics and statistics to key stakeholders throughout the organizationManage any security business practice irregularities, violations and infractions including exceptions, risk memos, security position memosPrepare detailed plans for security reviews/audits and any other compliance tasks required internally or externallyKnowledge, Skills and Experience RequirementsExperience working within, achieving and/or maintaining ISO standards such as ISO 27001,#####1, 14001 and 20000 (essential).Proficient with MS OfficeSolid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) strongly recommendedExtensive training and experience in computer disciplines such as application and data security, systems programming, systems design, computer technology or software disciplinesFamiliarity with OneTrust GRC and Privacy tools desiredCertified training in security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, or related certification(s) desirable.Experience in a fast-paced GRC/ISO function (desirable).Benefits & Culture At PSI, our culture is to be transparent and fair. That’s why all of our roles have been benchmarked at a competitive rate against the local market they are based in. To be transparent all of our adverts now include the salary so you can see if we align with your expectations when looking for your next role. In addition to a competitive salary, we offer a comprehensive benefits package and supportive culture when you join us. This includes; 401k/Pension/Retirement Plan – with country specific employer % Enhanced PTO/Annual LeaveMedical insurance – country specific Dental, Vision, Life and Short Term Disability for US Flexible Spending Accounts – for the USMedical Cashback plan covering vision, dental and income protection for UK Employee Assistance ProgrammeCommitment and understanding of work/life balance Dedicated DE&I group that drive core people initiatives A culture of embracing wellness, including regular global initiativesAccess to supportive and professional mechanisms to help you plan for your future Volunteer Day and a culture of giving back to our community and industry through volunteering opportunities