System compliance and Security Manager
We are looking for a System compliance and Security Manager to join our busy team!
As an experienced System compliance and Security Manager you will enhance and deliver First Bus's approach to compliance, security and fraud management across our retail channels, acting as principal owner and conduit for the development & delivery of key policies across the business.
You will cover a broad remit including security, business continuity, PCI DSS & GDPR compliance, fraud management and audit controls, to ensure the correct level of compliance and risk management is achieved to allow our customer-facing digital proposition to be sustainably managed.
This is a remote role and you can be based anywhere in the UK. The working hours are 8:30 to 5pm with some weekend work required
The salary for this position is between £35,000 and £38,000 per annum depending on skills and experience
What will you be doing?
In collaboration with relevant system SMEs, Product Owners and wider IT & Commercial team you will:
- Create, own and deliver key business continuity and compliance policies and controls, including PCI DSS, Incident Response, Fraud Management etc
- Own and deliver key retail system security activities, including penetration testing / remediation management and other security activities across all retailing/customer-facing systems (including mobile app, web site, amongst others)
- Manage the monitoring/action planning on unusual customer activity in our digital channels to ensure fraud and revenue risks are appropriately managed
- Own the First Bus approach to GDPR compliance within our retailing channels / customer facing systems, including developing and maintaining Data Protection Risk Assessments, in collaboration with SMEs and DPO
- Own and manage First Bus' detailed payment compliance policy, ensuring ongoing compliance with / retention of PCI DSS compliant status; includes management of annual audit / RoC process and ongoing central & local controls across all payment channels
- Proactively monitor and manage digital retail channel fraud and other risks, including payment card fraud/chargeback management (card not present transactions), EMV declined payments risk, recovery & deny listing (card present transactions)
- Identify and develop measures which underpin the integrity and security of our retail channels and therefore revenue base
- Working with our payments SME, maintain oversight of our chip and pin terminal estate across the UK – administration, device control, support for local teams, audit
- Oversee the management of the retail systems User Access Control policies and compliance/audit process
- In collaboration with the FirstGroup DPO, managing responses to GDPR-related external requests (SARs etc) originating within our customer-facing retailing channels
- Work within the retail operations function to ensure operational retail processes are accurately documented and kept up to date
- Support various internal and external audit requirements relating to reconciliation, integrity etc of our retailing systems
Skills & Experience
- Experience in retail, e-commerce, retail banking, or a similar consumer-facing industry is required
- 3+ years' experience in fraud, payment or other relevant risk management roles
- Experience of team management and leadership in the Compliance/Security/Risk space
- Experience of leading PCI DSS compliance within a large, multi-channel retail estate
- Strong understanding of payment card fraud management (including chargebacks, disputes refunds etc)
- Working knowledge and experience within GDPR and other relevant data protection regulations
- Ability to work in a fluid environment with changing deadlines
- Good analytical, numerical and verbal presentation skills
- Ability to collaborate and influence key internal stakeholders and build effective relationships
- Degree level qualification in relevant area (e.g. a Business or IT related discipline), or relevant experience in Risk Management, IT Security, Fraud Management / relevant certifications (e.g. CFE, ICA, CISSP, ISA etc)
- Demonstrate an interest in and knowledge of the payments systems within the public transport / transit space
Who are we?
First Bus is one of the UK's largest bus operators – and the partner of choice for innovative and sustainable transport. Leading the transition to a low-carbon future, we have committed to operating a zero-emission bus fleet by 2035 and to not purchase any new diesel buses after December 2022.
Working proactively with local authority partners, First Bus is proud to be making a positive impact on air quality, tackling congestion and improving customer experience. Making journeys easier for customers, First Bus was the first national bus operator to accept contactless card payments across all services and the First Bus app is voted ‘best in class' amongst UK bus operators.
First Bus is a division of FirstGroup, the first UK bus and rail operator to formally commit to setting an ambitious Science-Based Target to achieve net zero emissions.
Interested? Click on apply and complete an application form!