Governance, Risk

Travelfusion is the world's largest travel B2B content aggregator for LCCs (Low Cost Carriers) and FSCs (Full Service Carriers) processing hundreds of millions of daily transactions with tens of thousands of daily flight bookings. Travelfusion's platform powers the world's leading online leisure and business travel agencies, as well as the meta search and travel ecommerce sites.

The business also offers shopping and bookings of hotels and rail operators. Travelfusion is also the leader in direct payment and settlement solutions - tfPay - which manages payments and reconciliations for millions of air tickets. We are a dynamic SaaS technology company, rapidly growing profitable business with 175 employees based in London, Shanghai and Thessaloniki. 

The role

Travelfusion is seeking a professional, experienced GRC Officer to play a critical role in ensuring the company operates ethically, legally and resiliently. Additionally the GRC Officer will pro-actively guide the business in all aspects of governance, risk and compliance. The position will form part of a new GRC/Infosec team which will work widely across the company.

What you'll be doing
Policy & Framework Development:

Establishing and maintaining organisational frameworks for governance, risk and compliance.

Risk Management:

Identifying, assessing, and mitigating risks by maintaining risk registers and supporting risk-aware decision-making.

Compliance Monitoring:

Ensuring the company complies with relevant regulations, industry standards (e.g. cybersecurity frameworks) and internal policies.

Audit Coordination:

Managing internal and external audits, providing necessary documentation and evidence to audit teams.

Regulatory Research:

Keeping up-to-date with new and evolving compliance laws, regulations and standards.

Security Awareness & Training:
Assisting in creating and delivering security awareness training to employees.

Collaboration:
Working with senior leadership, IT, cybersecurity teams and other departments to align security and compliance practices.

GRC Platform Management:
Maintaining and utilising GRC platforms to track risks, controls, and compliance activities.

Key Skills:
Analytical Skills
The ability to analyse risks, assess compliance gaps and develop solutions.

Communication:
Strong communication skills to clearly explain complex compliance requirements to different audiences.

Cybersecurity & Business Knowledge:
An understanding of both business operations and cybersecurity principles is essential.

Regulatory Knowledge:
A solid understanding of key regulatory frameworks and standards relevant to the travel technology industry.

What experience you'll have

● Minimum of 5 years experience in leading and implementing security measures: protocols, data security, cyber and information security

● Qualifications: Certification/experience in ISO 27001, GDPR, NIST, PCI DSS, SOX
● Knowledge of GRC platforms; strong analytical and communication skills
● Governance qualifications valued
● Knowledge of regulations with a deep understanding of GDPR and other data protection laws
● Proficiency in data security tools, encryption technologies and audit methodologies
● Ability to analyse security threats and vulnerabilities
● Excellent problem-solving and decision-making abilities
● Strong written communication and client facing skills
● Experienced in reporting at board level
● Ability to write reports and produce training resources
● Bachelor's degree in Computer Science, Information Technology or Law

We offer hybrid working which requires 3 days per week minimum to be based in our Central London office. 

Please do not hesitate to apply and our talent teams will be in touch. We endeavour to get back to candidates with feedback but due to the volume of applications we receive this may not always be possible. 

#LI-JM1