Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead efforts in managing cyber risk and ensuring compliance with regulations.
- Company: Join Cantor Fitzgerald’s Global Information Security team, a leader in financial services.
- Benefits: Enjoy flexible work options, professional development opportunities, and a collaborative culture.
- Why this job: Make an impact by safeguarding information security and mentoring future leaders.
- Qualifications: 6+ years in Governance Risk and Compliance; degree in IT or Cybersecurity preferred.
- Other info: Ideal for those passionate about cybersecurity and eager to tackle complex challenges.
The predicted salary is between 43200 - 72000 £ per year.
Cantor Fitzgerald’s Global Information Security team is seeking a Governance, Risk, and Compliance (GRC) Lead with expertise on managing cyber risk, ensuring compliance with regulatory requirements, and maintaining corporate controls. This role will be primarily responsible for leading efforts related to third-party risk management, client due diligence, awareness training, and regulatory compliance. The ideal candidate will have a strong grasp of cybersecurity threats and hands-on experience.
Key Responsibilities
- Governance Risk and Compliance: Advise project teams, application owners, infrastructure services, and other IT teams on information security controls, such as access management, incident handling, business continuity, system development lifecycle, threat and vulnerability management, and data protection. Identify and manage risks and vulnerabilities, providing strategic mitigation recommendations. Continuously improve policies and procedures related to controls and operational processes. Develop and deliver precise and timely metrics and reports.
- Third-Party Risk Management: Conduct risk assessments of new and existing third-party vendors to ensure compliance with company policies and regulatory requirements. This includes reviewing security controls, attestation reports, compliance certifications, and pertinent policies and processes related to threat and vulnerability management.
- Client Due Diligence: Manage and respond to due diligence inquiries from clients, providing accurate and timely information to support their compliance and risk assessment processes, while ensuring adherence to company policies and regulatory standards.
- Training and Awareness: Develop and deliver training programs to educate internal stakeholders and third-party vendors on information security best practices and risk management procedures. This includes annual mandatory training, simulated phishing campaigns, and ongoing firm-wide communications.
- Transferred Employees: Maintain a workflow designed to review the access of transferred employees. Facilitate a risk acceptance program aimed at enhancing governance surrounding potential deviations from information security policies.
- Compliance & Auditing: Demonstrated expertise in managing and addressing complex audits and compliance issues. Support organizational compliance by ensuring security controls align with regulatory and industry standards (e.g., NIST, ISO 27001, DORA). Provide evidentiary support for Audit and Compliance teams. Oversee the remediation process for findings originating from internal and external audits, risk assessments, and other control evaluations.
- Mentoring & Knowledge Sharing: Mentor junior team members across processes and technical concepts. Conduct technical training and knowledge-sharing sessions to ensure effective execution of the processes.
Key Professional Competencies
- Exceptional analytical, problem-solving, and decision-making skills.
- Outstanding written and verbal communication skills in English.
- Experience working with global teams across multiple time zones, cultures, and languages.
- Proficient in communicating technical concepts and complex solutions to a general audience, including non-technical stakeholders.
- Strong understanding of cybersecurity frameworks and practices to safeguard organizational assets.
- Ability to stay abreast of emerging technologies and evolving regulatory landscapes.
- Skilled in developing and maintaining strong partnerships with relevant businesses and technical teams, including third parties.
- Adept at handling multiple tasks and prioritising work under pressure.
- Collaborative mindset with a focus on teamwork and knowledge sharing.
- Strong work ethic and sense of discipline.
Technical Expertise
- Ticket management solutions (e.g., Provance).
- Information Security Training platforms (e.g., Ninjio).
- Third-Party Risk Management solutions (e.g., Venminder, CyberGRX, Upguard).
- Microsoft O365 products (e.g., Word, Excel, PowerPoint, Teams, etc.).
Education
- Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field (or equivalent experience).
Experience
- 6+ years of experience in Governance Risk and Compliance with a focus on cybersecurity and technology management.
Certifications (preferred but not required)
- CISA, CRISC, CISM, CISSP or similar certifications.
Contact Detail:
BGC Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land GRC Lead
✨Tip Number 1
Familiarise yourself with the latest cybersecurity frameworks and compliance standards like NIST and ISO 27001. This knowledge will not only help you in interviews but also demonstrate your commitment to staying updated in the field.
✨Tip Number 2
Network with professionals in the GRC space, especially those who have experience in third-party risk management. Engaging in discussions or attending relevant webinars can provide insights and potentially lead to referrals.
✨Tip Number 3
Prepare to discuss specific examples of how you've managed risks and compliance issues in previous roles. Having concrete stories ready will showcase your hands-on experience and problem-solving skills.
✨Tip Number 4
Demonstrate your mentoring abilities by sharing experiences where you've trained or guided others in information security best practices. This will highlight your leadership potential, which is crucial for the GRC Lead role.
We think you need these skills to ace GRC Lead
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in Governance, Risk, and Compliance, particularly in cybersecurity. Use keywords from the job description to demonstrate your fit for the role.
Craft a Compelling Cover Letter: Write a cover letter that showcases your understanding of the key responsibilities outlined in the job description. Mention specific experiences where you've successfully managed cyber risk or compliance issues.
Showcase Technical Expertise: In your application, emphasise your familiarity with ticket management solutions and information security training platforms. Mention any relevant certifications you hold, as they can strengthen your application.
Highlight Communication Skills: Since the role requires outstanding written and verbal communication skills, provide examples in your application of how you've effectively communicated complex technical concepts to non-technical stakeholders.
How to prepare for a job interview at BGC Group
✨Understand the GRC Landscape
Familiarise yourself with the key concepts of Governance, Risk, and Compliance. Be prepared to discuss how you have managed cyber risks in previous roles and how you ensure compliance with regulatory requirements.
✨Showcase Your Technical Expertise
Highlight your experience with ticket management solutions and information security training platforms. Be ready to explain how you've used these tools to enhance security measures and manage third-party risks.
✨Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-world situations. Think of examples where you've identified vulnerabilities or improved policies and procedures, and be ready to discuss the outcomes.
✨Demonstrate Strong Communication Skills
Since the role involves liaising with various stakeholders, practice explaining complex technical concepts in simple terms. Show that you can effectively communicate with both technical and non-technical audiences.
