GRC Lead

Full-Time 43200 - 72000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead cyber risk management and ensure compliance with regulations while mentoring junior team members.
  • Company: Join Cantor Fitzgerald’s Global Information Security team, a leader in financial services.
  • Benefits: Enjoy a collaborative work environment with opportunities for professional growth and development.
  • Why this job: Make an impact by safeguarding information security and enhancing corporate governance.
  • Qualifications: 6+ years in Governance Risk and Compliance; degree in IT, Cybersecurity, or related field.
  • Other info: Preferred certifications include CISA, CRISC, CISM, CISSP.

The predicted salary is between 43200 and 72000 £ per year.

Cantor Fitzgerald’s Global Information Security team is seeking a Governance, Risk, and Compliance (GRC) Lead with expertise in managing cyber risk, ensuring compliance with regulatory requirements, and maintaining corporate controls. This role will be primarily responsible for leading efforts related to third-party risk management, client due diligence, awareness training, and regulatory compliance. The ideal candidate will have a strong grasp of cybersecurity threats and hands-on experience.

Key Responsibilities

  • Governance Risk and Compliance: Advise project teams, application owners, infrastructure services, and other IT teams on information security controls, such as access management, incident handling, business continuity, system development lifecycle, threat and vulnerability management, and data protection. Identify and manage risks and vulnerabilities, providing strategic mitigation recommendations. Continuously improve policies and procedures related to controls and operational processes. Develop and deliver precise and timely metrics and reports.
  • Third-Party Risk Management: Conduct risk assessments of new and existing third-party vendors to ensure compliance with company policies and regulatory requirements. This includes reviewing security controls, attestation reports, compliance certifications, and pertinent policies and processes related to threat and vulnerability management.
  • Client Due Diligence: Manage and respond to due diligence inquiries from clients, providing accurate and timely information to support their compliance and risk assessment processes, while ensuring adherence to company policies and regulatory standards.
  • Training and Awareness: Develop and deliver training programs to educate internal stakeholders and third-party vendors on information security best practices and risk management procedures. This includes annual mandatory training, simulated phishing campaigns, and ongoing firm-wide communications.
  • Transferred Employees: Maintain a workflow designed to review the access of transferred employees. Facilitate a risk acceptance program aimed at enhancing governance surrounding potential deviations from information security policies.
  • Compliance & Auditing: Demonstrated expertise in managing and addressing complex audits and compliance issues. Support organizational compliance by ensuring security controls align with regulatory and industry standards (e.g., NIST, ISO 27001, DORA). Provide evidentiary support for Audit and Compliance teams. Oversee the remediation process for findings originating from internal and external audits, risk assessments, and other control evaluations.
  • Mentoring & Knowledge Sharing: Mentor junior team members across processes and technical concepts. Conduct technical training and knowledge-sharing sessions to ensure effective execution of the processes.

Key Professional Competencies

  • Exceptional analytical, problem-solving, and decision-making skills.
  • Outstanding written and verbal communication skills in English.
  • Experience working with global teams across multiple time zones, cultures, and languages.
  • Proficient in communicating technical concepts and complex solutions to a general audience, including non-technical stakeholders.
  • Strong understanding of cybersecurity frameworks and practices to safeguard organizational assets.
  • Ability to stay abreast of emerging technologies and evolving regulatory landscapes.
  • Skilled in developing and maintaining strong partnerships with relevant businesses and technical teams, including third parties.
  • Adept at handling multiple tasks and prioritising work under pressure.
  • Collaborative mindset with a focus on teamwork and knowledge sharing.
  • Strong work ethic and sense of discipline.

Technical Expertise

  • Ticket management solutions (e.g., Provance).
  • Information Security Training platforms (e.g., Ninjio).
  • Third-Party Risk Management solutions (e.g., Venminder, CyberGRX, Upguard).
  • Microsoft O365 products (e.g., Word, Excel, PowerPoint, Teams, etc.).

Education

Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field (or equivalent experience).

Experience

6+ years of experience in Governance Risk and Compliance with a focus on cybersecurity and technology management.

Certifications (preferred but not required)

CISA, CRISC, CISM, CISSP or similar certifications.

GRC Lead employer: BGC Group

Cantor Fitzgerald is an exceptional employer, offering a dynamic work environment that fosters collaboration and innovation within the Global Information Security team. Employees benefit from comprehensive training programmes, mentorship opportunities, and a strong focus on professional development, all while working in a vibrant location that encourages a healthy work-life balance. With a commitment to maintaining high standards of governance, risk management, and compliance, the company empowers its staff to make meaningful contributions to cybersecurity efforts, ensuring a rewarding and impactful career.

Contact Detail:

BGC Group Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land GRC Lead

✨Tip Number 1

Familiarise yourself with the latest cybersecurity frameworks and compliance standards like NIST and ISO 27001. This knowledge will not only help you in interviews but also demonstrate your commitment to staying updated in a rapidly evolving field.

✨Tip Number 2

Network with professionals in the GRC space, especially those who have experience in third-party risk management. Engaging in discussions or attending relevant webinars can provide insights into industry best practices and may even lead to referrals.

✨Tip Number 3

Prepare to discuss specific examples of how you've managed risks and compliance issues in previous roles. Highlighting your hands-on experience with audits and remediation processes will set you apart from other candidates.

✨Tip Number 4

Showcase your mentoring skills by discussing any experience you have in training or guiding junior team members. This is particularly important as the role involves knowledge sharing and developing training programs for stakeholders.

We think you need these skills to ace GRC Lead

Governance, Risk, and Compliance (GRC) expertise
Cybersecurity knowledge
Third-party risk management
Regulatory compliance understanding
Incident handling
Business continuity planning
Threat and vulnerability management
Data protection practices
Analytical skills
Problem-solving skills
Decision-making abilities
Written and verbal communication skills
Experience with global teams
Technical training development
Knowledge sharing
Audit and compliance management
Familiarity with NIST and ISO 27001 standards
Ticket management solutions proficiency
Information Security Training platforms experience
Microsoft O365 products proficiency
Ability to prioritise tasks under pressure
Collaborative mindset

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in Governance, Risk, and Compliance, particularly in cybersecurity. Use specific examples that demonstrate your expertise in managing cyber risk and compliance with regulatory requirements.

Craft a Compelling Cover Letter: Write a cover letter that clearly outlines your understanding of the role and how your skills align with the responsibilities listed. Mention your experience with third-party risk management and your ability to communicate complex technical concepts to non-technical stakeholders.

Showcase Relevant Certifications: If you have certifications like CISA, CRISC, or CISSP, be sure to include them prominently in your application. These credentials can set you apart and demonstrate your commitment to the field of cybersecurity.

Highlight Soft Skills: In addition to technical expertise, emphasise your analytical, problem-solving, and communication skills. Provide examples of how you've mentored others or collaborated with global teams, as these are key competencies for the GRC Lead role.

How to prepare for a job interview at BGC Group

✨Showcase Your Cybersecurity Knowledge

Make sure to highlight your understanding of cybersecurity threats and frameworks during the interview. Be prepared to discuss specific examples of how you've managed risks and ensured compliance in previous roles.

✨Demonstrate Your Analytical Skills

Since the role requires exceptional analytical and problem-solving skills, come ready with examples of complex issues you've tackled. Discuss how you approached these challenges and the outcomes of your decisions.

✨Prepare for Technical Questions

Expect questions related to governance, risk management, and compliance tools. Familiarise yourself with ticket management solutions and third-party risk management platforms mentioned in the job description, as well as any relevant certifications you hold.

✨Emphasise Communication Skills

As the role involves mentoring and training, be ready to demonstrate your communication abilities. Share experiences where you've effectively conveyed technical concepts to non-technical stakeholders or led training sessions.

Application deadline: 2027-05-07