CISO Compliance Manager
We are Direct Line Group – home to some of the country's best-known brands including Direct Line, Churchill, Privilege, Greenflag and NIG. Our vision is to create a world where insurance is personal, inclusive, and a force for good, and our purpose is to help people carry on with their lives, giving them peace of mind now and in the future.
DLG is at an important stage in its evolution to be a technology and data company. Following a few years of significant build and transformation of core assets, ranging from telephony to core customer-facing platforms, an Agile transformation for key segments of our business is bedding in with the intent of better serving our customers at pace. However, there is more to do!
As a Compliance Manager within our Governance, Risk and Compliance (GRC) function you will be responsible for continually increasing the security, resilience and privacy of our supply chain through impact assessments of external third party suppliers, identifying high risk service provisions and supporting the third party due diligence and assurance processes at every stage. You’ll also ensure ongoing compliance with internal policies/standards and regulatory requirements, including PCI DSS compliance and the facilitation of the annual Payment Card Industry (PCI) Data Security Standard (DSS) assessment.
You’ll use your in-depth information security, risk and compliance knowledge to drive continual improvement of our CISO compliance and third party assurance programmes, whilst also providing guidance and subject matter expertise to our suppliers and business unit stakeholders.
N.B. this is a hybrid opportunity with office visits c.2-4 times per month.
Who you’ll be working with:
You’ll join our Governance, Risk & Compliance team, who are part of our CISO function and report into our Compliance Lead. Our CISO function has been re-energised and comprises Cyber Defence Centre, Business Resilience, Governance, Risk & Compliance, Privacy & Information Management, Strategy & Operating Office and Security Innovation & Enablement.
What you’ll be doing:
- Scope and proactively identify changes in the organisation and third party supply chain environments which may impact the PCI DSS scope
- Liaise with project teams to transition PCI DSS project activities to business as usual
- Provide advice and guidance on security technologies and PCI DSS standards to internal business functions
- Manage and facilitate the annual PCI DSS assessment and certification, including ongoing monitoring activities to ensure that results, risks and issues are properly documented, escalated and addressed
- Quality assurance, documentation and communication of PCI assessment findings to leadership and the PCI Security Standards Council
- Ensure the assurance portfolio of third party suppliers remains full and current and is prioritised appropriately
- Conduct timely security impact assessments of third party suppliers and initiate the appropriate due diligence and assurance response
- Produce high quality, informative and accurate reports in respect of third party assurance assessments and ensure risks are tracked by the appropriate business area through to resolution
- Support third party due diligence processes to embed Information Security and PCI DSS control requirements in new contracts and service agreements
- Ensure compliance with internal policies, standards and applicable regulatory requirements
- Coordinate and respond to partner and client assurance requests
- Contribute to the collection and management of Key Risk Indicators (KRIs) and Management Information (MI)
What you’ll need:
- Excellent knowledge of regulatory and compliance requirements impacting the financial services industry (e.g. GDPR, PCI DSS, Operational Resilience, FRCF)
- Working knowledge and experience of achieving and maintaining the PCI DSS Report of Compliance (ROC)
- Hands-on experience of security assessments, quality assurance and implementation of the PCI Data Security Standard
- Excellent knowledge of information systems architecture, payment applications and the lifecycle of payment card transactions
- Strong experience evaluating the security infrastructure for large enterprise merchants or service providers
- Strong experience of designing and coordinating third party due diligence and assurance reviews, and of assessing third party supplier controls, identifying weaknesses for remediation and documenting third party assurance reports
- Excellent knowledge of control frameworks and experience assessing internal controls and third party supplier compliance
- Experience of working with on-premise, legacy and cloud environments (ideally with platforms such as Microsoft Azure and AWS)
- Excellent written and oral communication skills
- Excellent stakeholder management skills and experience of preparing formal reporting for senior management
- PCI Qualified Security Assessor (QSA) or PCI Internal Security Assessor (ISA)
Ways of Working
Here at Direct Line Group, we recognise the importance of flexibility, not only in our personal lives but also in the way we work. Our mixed model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone.
How much you'll be in the office depends on your role, and we'll consider the flexible working options that work best for you. You can find out more about our flexible working approach or please get in touch with the team to discuss.
We recognise we wouldn't be where we are today without our colleagues; that's why we offer excellent benefits designed to suit you as and when you need them:
- 9% employee contributed pension
- 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover
- Additional optional Health and Dental insurance
- Up to 10% bonus
- EV car scheme allowing all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way
- 25 days holidays
- Buy as you earn share scheme
- Employee discounts and cashback
Life at Direct Line Group
Direct Line Group is an equal opportunity employer. We value diversity and we're committed to making DLG a truly inclusive place to work.
We recognise and embrace that people work in different ways and we'll always adapt as much as possible so you have the best and most comfortable working environment that we can offer. We know you're more than a CV, and the things that make you, you, can bring real potential to DLG.
If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you.