Information Security Governance, Risk, and Compliance (GRC) Specialist in London

Policy Development And Management

• Develop and maintain comprehensive cybersecurity policies and procedures.
• Ensure these policies align with industry standards and regulatory requirements.
• Assist in the integration of security practices and control across various technical and non-technical departments, enhancing workflow and operational processes.

Risk Management

• Conduct regular risk assessments to help identify vulnerabilities and threats.
• Collaborate and oversee the implementation of risk mitigation strategies.
• Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
• Ability to design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
• Collaborate with Enterprise risk management to embed cyber risk into broader risk registers and board-level reporting.

Compliance Management

• Monitor and ensure compliance with internal policies, industry standards, and regulatory requirements.
• Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required.
• Compile and deliver detailed compliance reports to senior management.
• Monitor upcoming regulations and prepare compliance roadmaps.

Training And Awareness

• Support and enhance engaging cybersecurity awareness training programs.
• Foster a company-wide culture of cybersecurity awareness.
• Keep current with the latest cybersecurity trends and best practices to inform training content and security measures.
• Train and guide wider Tech team members on best practices in cybersecurity risk management.

Incident Management

• Actively participate in the response to security incidents.
• Support post-incident evaluations and reporting.
• Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.

Stakeholder Engagement

• Maintain clear and effective communication with stakeholders at all levels.
• Provide expert guidance on cybersecurity best practices.
• Work collaboratively with Technology and other departments to achieve comprehensive security objectives.

Must have skills

• Bachelor’s Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
• 3 to 5 years of professional experience in information security.
• Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
• Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
• Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
• Proficient knowledge of network security principles and controls such as Firewalls, IPS/IPD, TCP/IP, DHCP, and DNS.
• Extensive experience in securing Operating Systems such as Windows, UNIX/Linux and Mac systems.
• Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
• In-depth knowledge of IAM principles and technologies to manage digital identities and control user access and experience with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) systems to enhance security and operational efficiency.
• Understanding of Secure DevOps / CI/CD pipeline governance.

Supervisory responsibilities

• No.

You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role.

Janus Henderson (including its subsidiaries) will not maintain existing or sponsor new industry registrations or licenses where not supported by an employee’s job functions (as determined by Janus Henderson at its sole discretion).

All applicants must be willing to comply with the provisions of Janus Henderson Investment Advisory Code of Ethics related to personal securities activities and other disclosure and certification requirements, including past political contributions and political activities. Applicants’ past political contributions or activity may impact applicants’ eligibility for this position.

Janus Henderson is an equal opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. All applications are subject to background checks.