6th May 2026

Engine by Starling – Nia, Governance, Risk and Compliance Analyst

I’m a Governance, Risk and Compliance Analyst within the Information Security Team here at Engine, and my responsibilities are currently quite broad.

My key focus is on helping to maintain and mature our GRC program. This is work that involves ensuring adherence to key security standards and regulations, such as ISO 27001, SOC 2 Type II, and PCI 3DS/DSS, and includes making relationships with people across the whole business, as well as with our external auditors. These frameworks are essential for building client trust, as they validate the robust security controls we have in place across the Engine and the wider Starling Group.

Beyond compliance, I play a role in our risk management process, actively identifying, analysing and documenting information security/technology risks and ensuring mitigations are considered. I also oversee our vendor due diligence activities – from onboarding new suppliers, to conducting re-reviews, to assessing the posture of various new offices we’re opening globally! It’s never a dull day.

How did you get this role?

My journey started with the Starling Bank Graduate Scheme in October 2023, where I took part in Economic Crime and Compliance with 6 other grads. As the scheme concluded, I transitioned into the GRC Analyst role within the Engine InfoSec team.

It’s been a steep but incredibly rewarding learning curve – I’ve had to quickly absorb a wealth of information in the information security domain to effectively support my team and our mission.

What have you been proud of delivering?

This year was the first time I’ve ever experienced and taken a lead on the ISO 27001 and SOC 2 Type II audits. For context, they’re chunky standards requiring over 170 different pieces of evidence from various teams across Engine and Starling that needed to go to independent auditors! It was a huge team effort and a major milestone in demonstrating our control effectiveness.

What's the most memorable advice you’ve received?

Back yourself, write everything down, and remember to actively take time off.

View it as a non-negotiable investment in your ability to perform at your best, rather than a luxury.

What do you enjoy doing outside of work?

I love doing things that take my mind off the stresses of everyday life. Trying new lunch spots, weekend spa trips away, CrossFit, and I’ve just adopted a dog, so my life now revolves around him!

Holly was nominated for this spotlight, and here's what her nominators had to say about her:

“Before my arrival, our risk and compliance efforts were fragmented. Nia, with guidance and support, has been instrumental in overhauling our approach. She has transformed our risk assessment process and streamlined our compliance activities, making them more efficient and establishing foundations on which to mature.”

“One of Nia’s most significant achievements is the complete redesign of our third-party supplier management due diligence process. What was once a slow, cumbersome process with a peak review time of 41 days has been dramatically reduced to a 3-day average. This was accomplished by implementing a structured, systematic, and risk-based questionnaire that allows us to quickly determine the potential risk to the business. Her new approach not only saves us valuable time and resources but also significantly strengthens our security posture.”

“Beyond process improvements, Nia has been key in fostering a culture of shared responsibility and accountability. She has been instrumental in educating and engaging the wider business on the importance of compliance, making it a collaborative effort.”

“Nia consistently approaches every challenge with a can-do attitude, a keen eye for detail, and a relentless commitment to excellence. She is a proactive and collaborative colleague who deserves to be recognised.”