About the role

Senior Manager: Governance, Risk and Compliance leading GRC functions at Reward Gateway. Managing risk governance, regulatory compliance and assurance processes for the organization.

Responsibilities

Lead, manage, and develop the GRC team, including hiring, coaching, performance management, and succession planning. Champion a culture where governance, risk and compliance are seen as business enablers, not blockers.
Manage our control framework, covering ISO 27001, 22301, 9001, 14001, SOC2 Type 2, PCI DSS & CE+.
Implement and manage ISO 42001 within the integrated management system, ensuring alignment with organisational objectives.
Partner with our Cyber Security, IT, Product and Engineering Teams to ensure that information security governance and policies remain effective, aligned with risk appetite, and embedded into day-to-day operations.
Own and mature the Vendor Risk Management (VRM) framework, including vendor criticality tiers, onboarding, due diligence, and ongoing monitoring.
Manage and test Business Continuity Plans (BCPs) across critical business services, locations, and supporting technology.
Own the enterprise risk management framework, methodology, and tools. Lead regular Information Security and AI Risk Board meetings, ensuring clear risk ownership, documented decisions, and timely follow-up on agreed actions.
Use KPIs to monitor GRC process performance, drive continuous improvement, and evidence the value and maturity of the GRC function.
Support the creation, enhancement, and maintenance of technical and procedural documentation (policies, standards, guidelines, and work instructions).

At least 5+ years’ experience in the capacity of a GRC Manager/Senior GRC Analyst or a Lead Auditor is required.
Certiﬁcation in ISO 27001 and/or recognised IT governance and security certiﬁcation such as CRISC, CISA, CISSP, etc.
Experience implementing or managing Governance, Risk and Compliance (GRC) systems.
Hands-on experience as an Internal Security Assessor for PCI DSS and leading or heavily supporting PCI DSS certification or assessments.
Experience with NIS 2, AI governance / AI compliance, and other emerging regulatory frameworks, or clear capability to rapidly build this expertise.
Demonstrated ability to assess and design internal controls for information security in enterprise or high-growth SaaS environments, including cloud-native architectures.
Understanding of fundamental information security concepts and technology and have previous exposure to cloud technologies and cloud security.
Superb English communication skills with the ability to interact effectively with multi-disciplinary teams.

Online interview with the Senior Talent Partner.
First stage video interview with the CISO and the Head of Cyber.
Final stage video interview with the Chief Technology Ofﬁcer and the CISO.
Be comfortable. Be you.
At Reward Gateway, we want all of our employees to feel comfortable bringing their passion, creativity and individuality to work. We value all cultures, backgrounds and experiences, as we truly believe that diversity drives innovation. Express yourself, join our community and help us Make the World a Better Place to Work.
We hire BETTER.
From perks to people, our BETTER approach to hiring earns us more trust, happier people and more world-class talent that help us to make the world a better place to work. Find out more about Reward Gateways approach to beneﬁts, equality, talent, technology, empathy and what you’ll get in return for joining our Mission at rg.co/lifeatrg.