Information Security Governance, Risk, and Compliance (GRC) Specialist | London, UK

Information Security Governance, Risk, and Compliance (GRC) Specialist {"description": "Why work for us? A career at Janus Henderson is more than a job, it's about investing in a brighter future together. Our Mission at Janus Henderson is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world-class service.

We will do this by protecting and growing our core business, amplifying our strengths and diversifying where we have the right. Our Values are key to driving our success, and are at the heart of everything we do: Clients Come First - Always | Execution Supersedes Intention | Together We Win | Diversity Improves Results | Truth Builds Trust If our mission, values, and purpose align with your own, we would love to hear from you!

Your opportunity Policy Development and Management :

• Develop and maintain comprehensive cybersecurity policies and procedures.
• Ensure these policies align with industry standards and regulatory requirements.
• Assist in the integration of security practices and control across various technical and non-technical departments, enhancing workflow and operational processes.

Risk Management

• Conduct regular risk assessments to help identify vulnerabilities and threats.
• Collaborate and oversee the implementation of risk mitigation strategies.
• Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
• Ability to design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
• Collaborate with Enterprise risk management to embed cyber risk into broader risk registers and board-level reporting.

Compliance Management

• Monitor and ensure compliance with internal policies, industry standards, and regulatory requirement.
• Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required • Compile and deliver detailed compliance reports to senior management • Monitor upcoming regulations and prepare compliance roadmaps.

Training and Awareness

• Support and enhance engaging cybersecurity awareness training programs.
• Foster a company-wide culture of cybersecurity awareness.
• Keep current with the latest cybersecurity trends and best practices to inform training content and security measures • Train and guide wider Tech team members on best practices in cybersecurity risk management.

Incident Management

• Actively participate in the response to security incidents.
• Support post-incident evaluations and reporting.
• Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.

Stakeholder Engagement

• Maintain clear and effective communication with stakeholders at all levels.
• Provide expert guidance on cybersecurity best practices.
• Work collaboratively with Technology and other departments to achieve comprehensive security objective Must have skills • Bachelor's Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
• 3 to 5 years of professional experience in information security.
• Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
• Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
• Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
• Proficient knowledge of network security principles and controls such as Firewalls, IPS/IPD, TCP/IP, DHCP, and DNS • Extensive experience in securing Operating Systems such as Windows, UNIX/Linux and Mac systems. This includes security access rights, implementing configuration best practices • Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
• In-depth knowledge of IAM principles and technologies to manage digital identities and control user access and experience with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) systems to enhance security and operational efficiency.
• Understanding of Secure DevOps / CI/CD pipeline governance Supervisory responsibilities • No You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role.

At Janus Henderson

Investors we're committed to an inclusive and supportive environment. We believe diversity improves results and we welcome applications from candidates from all backgrounds.