Technology Risk Controls Analyst
Bud, United Kingdom

Bud's mission is simple. We're here to create the world’s most compelling financial data products. The products we're building are used by some of the world's most prestigious institutions to help millions of their customers take control of their finances.

We’re looking for someone to join our growing team as part of the first line of defence focusing on Technology Risk amp; Controls, in particular related to Information Security. At Bud, we don’t view compliance as an obstacle to business but as a guide to approaching things in a way that best protects consumers, and as a valuable asset to be used as a commercial advantage in our industry. Our approach to security, and some novel techniques we have adopted in particular, are core to what we do at Bud and a common reason why our clients choose us.

You’ll be leading on the development and continual improvement of our policies, risk management and controls related to Information Security. This includes in particular ensuring that we both meet required standards and regulations as well as client amp; consumer expectations. Teams will turn to you for guidance on how to ensure we are not only compliant with regulations, but also fostering a culture of acting in a way that protects consumers and our clients using rigorous thinking and careful controls.

• Manage Bud’s Information Security Policies and overarching ISMS
• Understanding the technical requirements on Bud relating to either accreditations, regulation or contractual requirements by our clients in relation to information security and ensuring Bud maintains effective controls and policies to meet these requirements
• Using your technology risk management knowledge to support teams in developing new processes, controls and features by embedding good regulatory and risk practices
• Leading risk assessments and root cause analyses on operational incidents on an ongoing basis in order to strengthen Bud’s risk and controls frameworks
• Organise and lead internal training sessions related to Technology Risks and Information Security
• Leading and performing technology controls testing, implementation and remediation
• Organise accreditations and associated audits for standards such as ISO27001, SOC 2, PCI DSS
• Assist with external due diligence where required, i.e. due diligence performed on Bud by prospective or current clients, or due diligence performed by Bud on its agents or suppliers

• Experience working with ISO 27001 and managing an ISMS
• Experience in Information Security, either from an engineering or risk amp; compliance perspective
• Strong understanding of UK/EU Data Protection legislation, in particular GDPR
• You have a good understanding of the three lines of defence model
• A balanced approach to risk amp; compliance solutions that weighs and balances regulatory, risk, compliance and commercial considerations.
• Able to solve problems and manage multiple priorities
• You are hands-on, collaborative and focused on execution
• You are process driven and are effective at project management
• Strong communication skills and able to present objectives, strategies, concerns and impact assessments clearly to individuals in all departments and levels of the business including senior management
• You are curious and actively seek out learning opportunities amp; challenges in the vicinity of their role (either within Risk amp; Compliance or Engineering)
• Ability to take ownership and proactively lead workstreams and tasks with limited supervision

If you prefer to work part-time, please do get in touch and we can discuss various options that might be available.

This role can be based in our London office, or fully remote/distributed in the UK.

These aren’t requirements, but are definitely a plus for any candidate!

• Worked in UK banking or fintech before
• You have a software engineering or security engineering background
• You have experience working with technology and/or cyber risk
• You have worked in an environment with SOC 2 and/or PCI DSS accreditation
• You have led a project that led to being ISO 27001 certified by a BSI-compliant auditor
• You have experience working in a SaaS company or where your technical platform is your main product
• You have experience working in a company where their platform is based in the Cloud (Google Cloud Platform/AWS)

The software engineering team is tasked with solving highly technical problems to enable solutions that tangibly benefit the lives of millions of people. From how to scale our solutions to tens of millions of users in the most effective manner of integrating hundreds of third-party businesses. Data is key to our business an

Job Rewards and Benefits