Cantor Fitzgerald’s Global Information Security team is seeking a Governance, Risk, and Compliance (GRC) Lead with expertise in managing cyber risk, ensuring compliance with regulatory requirements, and maintaining corporate controls. This role will be primarily responsible for leading efforts related to third-party risk management, client due diligence, awareness training, and regulatory compliance.

Governance Risk and Compliance:
Advise project teams, application owners, infrastructure services, and other IT teams on information security controls, such as access management, incident handling, business continuity, system development lifecycle, threat and vulnerability management, and data protection.
Identify and manage risks and vulnerabilities, providing strategic mitigation recommendations.
Continuously improve policies and procedures related to controls and operational processes.

Third-Party Risk Management:
Conduct risk assessments of new and existing third-party vendors to ensure compliance with company policies and regulatory requirements. This includes reviewing security controls, attestation reports, compliance certifications, and pertinent policies and processes related to threat and vulnerability management.
Manage and respond to due diligence inquiries from clients, providing accurate and timely information to support their compliance and risk assessment processes, while ensuring adherence to company policies and regulatory standards.

Training and Awareness:
Develop and deliver training programs to educate internal stakeholders and third-party vendors on information security best practices and risk management procedures. This includes annual mandatory training, simulated phishing campaigns, and ongoing firm-wide communications.
Facilitate a risk acceptance program aimed at enhancing governance surrounding potential deviations from information security policies.
Support organizational compliance by ensuring security controls align with regulatory and industry standards (e.g.,
Oversee the remediation process for findings originating from internal and external audits, risk assessments, and other control evaluations.
Conduct technical training and knowledge-sharing sessions to ensure effective execution of the processes.

Outstanding written and verbal communication skills in English.
Experience working with global teams across multiple time zones, cultures, and languages.
Strong understanding of cybersecurity frameworks and practices to safeguard organizational assets.
Ability to stay abreast of emerging technologies and evolving regulatory landscapes.

Ticket management solutions (e.g.,
Information Security Training platforms (e.g.,
Third-Party Risk Management solutions (e.g.,
Microsoft O365 products (e.g., Word, Excel, PowerPoint, Teams, etc.)

Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field (or equivalent experience).
6+ years of experience in Governance Risk and Compliance with a focus on cybersecurity and technology management.
Contact Detail:
BGC Group Recruiting Team