Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead efforts in managing cyber risk and ensuring compliance with regulations.
- Company: Join Cantor Fitzgerald’s Global Information Security team, a leader in financial services.
- Benefits: Enjoy flexible work options, professional development opportunities, and a collaborative culture.
- Why this job: Make an impact by safeguarding information security and mentoring future leaders.
- Qualifications: 6+ years in Governance Risk and Compliance; degree in IT or Cybersecurity preferred.
- Other info: Ideal for those passionate about cybersecurity and eager to tackle complex challenges.
The predicted salary is between 48000 - 84000 £ per year.
Cantor Fitzgerald’s Global Information Security team is seeking a Governance, Risk, and Compliance (GRC) Lead with expertise on managing cyber risk, ensuring compliance with regulatory requirements, and maintaining corporate controls. This role will be primarily responsible for leading efforts related to third-party risk management, client due diligence, awareness training, and regulatory compliance. The ideal candidate will have a strong grasp of cybersecurity threats and hands-on experience.
Key Responsibilities
- Governance Risk and Compliance: Advise project teams, application owners, infrastructure services, and other IT teams on information security controls, such as access management, incident handling, business continuity, system development lifecycle, threat and vulnerability management, and data protection. Identify and manage risks and vulnerabilities, providing strategic mitigation recommendations. Continuously improve policies and procedures related to controls and operational processes. Develop and deliver precise and timely metrics and reports.
- Third-Party Risk Management: Conduct risk assessments of new and existing third-party vendors to ensure compliance with company policies and regulatory requirements. This includes reviewing security controls, attestation reports, compliance certifications, and pertinent policies and processes related to threat and vulnerability management.
- Client Due Diligence: Manage and respond to due diligence inquiries from clients, providing accurate and timely information to support their compliance and risk assessment processes, while ensuring adherence to company policies and regulatory standards.
- Training and Awareness: Develop and deliver training programs to educate internal stakeholders and third-party vendors on information security best practices and risk management procedures. This includes annual mandatory training, simulated phishing campaigns, and ongoing firm-wide communications.
- Transferred Employees: Maintain a workflow designed to review the access of transferred employees. Facilitate a risk acceptance program aimed at enhancing governance surrounding potential deviations from information security policies.
- Compliance & Auditing: Demonstrated expertise in managing and addressing complex audits and compliance issues. Support organizational compliance by ensuring security controls align with regulatory and industry standards (e.g., NIST, ISO 27001, DORA). Provide evidentiary support for Audit and Compliance teams. Oversee the remediation process for findings originating from internal and external audits, risk assessments, and other control evaluations.
- Mentoring & Knowledge Sharing: Mentor junior team members across processes and technical concepts. Conduct technical training and knowledge-sharing sessions to ensure effective execution of the processes.
Key Professional Competencies
- Exceptional analytical, problem-solving, and decision-making skills.
- Outstanding written and verbal communication skills in English.
- Experience working with global teams across multiple time zones, cultures, and languages.
- Proficient in communicating technical concepts and complex solutions to a general audience, including non-technical stakeholders.
- Strong understanding of cybersecurity frameworks and practices to safeguard organizational assets.
- Ability to stay abreast of emerging technologies and evolving regulatory landscapes.
- Skilled in developing and maintaining strong partnerships with relevant businesses and technical teams, including third parties.
- Adept at handling multiple tasks and prioritising work under pressure.
- Collaborative mindset with a focus on teamwork and knowledge sharing.
- Strong work ethic and sense of discipline.
Technical Expertise
- Ticket management solutions (e.g., Provance).
- Information Security Training platforms (e.g., Ninjio).
- Third-Party Risk Management solutions (e.g., Venminder, CyberGRX, Upguard).
- Microsoft O365 products (e.g., Word, Excel, PowerPoint, Teams, etc.).
Education
- Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field (or equivalent experience).
Experience
- 6+ years of experience in Governance Risk and Compliance with a focus on cybersecurity and technology management.
Certifications (preferred but not required)
- CISA, CRISC, CISM, CISSP or similar certifications.
GRC Lead employer: Job Traffic
Contact Detail:
Job Traffic Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land GRC Lead
✨Tip Number 1
Familiarise yourself with the latest cybersecurity frameworks and compliance standards like NIST and ISO 27001. This knowledge will not only help you in interviews but also demonstrate your commitment to staying updated in the field.
✨Tip Number 2
Network with professionals in the GRC space, especially those who have experience in third-party risk management. Attend industry events or webinars to connect with potential colleagues and learn about their experiences.
✨Tip Number 3
Prepare to discuss specific examples of how you've managed risks and compliance issues in previous roles. Use the STAR method (Situation, Task, Action, Result) to structure your responses effectively during interviews.
✨Tip Number 4
Showcase your mentoring skills by discussing any experience you have in training or guiding junior team members. This is a key aspect of the role, and demonstrating your ability to share knowledge can set you apart from other candidates.
We think you need these skills to ace GRC Lead
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in Governance, Risk, and Compliance, particularly in cybersecurity. Use keywords from the job description to demonstrate your fit for the role.
Craft a Compelling Cover Letter: Write a cover letter that showcases your understanding of the responsibilities outlined in the job description. Mention specific experiences where you've successfully managed cyber risk or compliance issues.
Showcase Technical Expertise: In your application, emphasise your familiarity with ticket management solutions and information security training platforms. Mention any relevant certifications you hold, as these can set you apart from other candidates.
Highlight Soft Skills: Don't forget to include examples of your analytical, problem-solving, and communication skills. The role requires collaboration across teams, so demonstrating your ability to work well with others is crucial.
How to prepare for a job interview at Job Traffic
✨Showcase Your Cybersecurity Knowledge
Make sure to brush up on the latest cybersecurity threats and frameworks. Be prepared to discuss how you've managed risks in previous roles, as this will demonstrate your expertise and understanding of the field.
✨Prepare for Scenario-Based Questions
Expect questions that ask you to solve hypothetical situations related to risk management or compliance. Practise articulating your thought process and decision-making skills in these scenarios to show your analytical capabilities.
✨Highlight Your Communication Skills
Since the role involves liaising with various teams and stakeholders, emphasise your ability to communicate complex technical concepts clearly. Prepare examples of how you've successfully conveyed information to non-technical audiences.
✨Demonstrate Your Mentoring Experience
If you've mentored junior team members or conducted training sessions, be ready to share those experiences. This shows your leadership potential and commitment to knowledge sharing, which is crucial for the GRC Lead position.
