At a Glance
- Tasks: Develop and manage cybersecurity policies, conduct risk assessments, and ensure compliance.
- Company: Join a leading investment firm committed to cybersecurity excellence.
- Benefits: Flexible working options, competitive salary, and a supportive work environment.
- Other info: Diverse and inclusive workplace with opportunities for professional growth.
- Why this job: Make a real impact in safeguarding digital assets and enhancing security culture.
- Qualifications: Bachelor’s degree in IT or Cybersecurity; 3-5 years of experience preferred.
The predicted salary is between 50000 - 65000 € per year.
Your opportunity
- Policy Development and Management
  - Develop and maintain comprehensive cybersecurity policies and procedures.
  - Ensure these policies align with industry standards and regulatory requirements.
  - Assist in the integration of security practices and control across various technical and non-technical departments, enhancing workflow and operational processes.
- Risk Management
  - Conduct regular risk assessments to help identify vulnerabilities and threats.
  - Collaborate and oversee the implementation of risk mitigation strategies.
  - Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
  - Ability to design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
  - Collaborate with Enterprise risk management to embed cyber risk into broader risk registers and board-level reporting.
- Compliance Management
  - Monitor and ensure compliance with internal policies, industry standards, and regulatory requirements.
  - Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required.
  - Compile and deliver detailed compliance reports to senior management.
  - Monitor upcoming regulations and prepare compliance roadmaps.
- Training and Awareness
  - Support and enhance engaging cybersecurity awareness training programs.
  - Foster a company-wide culture of cybersecurity awareness.
  - Keep current with the latest cybersecurity trends and best practices to inform training content and security measures.
  - Train and guide wider Tech team members on best practices in cybersecurity risk management.
- Incident Management
  - Actively participate in the response to security incidents.
  - Support post-incident evaluations and reporting.
  - Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.
- Stakeholder Engagement
  - Maintain clear and effective communication with stakeholders at all levels.
  - Provide expert guidance on cybersecurity best practices.
  - Work collaboratively with Technology and other departments to achieve comprehensive security objectives.
Must have skills
- Bachelor’s Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
- 3 to 5 years of professional experience in information security.
- Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
- Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
- Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
- Proficient knowledge of network security principles and controls such as Firewalls, IPS/IPD, TCP/IP, DHCP, and DNS.
- Extensive experience in securing Operating Systems such as Windows, UNIX/Linux and Mac systems, including security access rights and implementing configuration best practices.
- Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
- In-depth knowledge of IAM principles and technologies to manage digital identities and control user access, including experience with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) systems.
- Understanding of Secure DevOps / CI/CD pipeline governance.
Supervisory responsibilities
No
You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role.
At Janus Henderson Investors we’re committed to an inclusive and supportive environment. We believe diversity improves results and we welcome applications from candidates from all backgrounds. Don’t worry if you don’t think you tick every box, we still want to hear from you! We understand everyone has different commitments and while we can’t accommodate every flexible working request we’re happy to be asked about work flexibility and our hybrid working environment. If you need any reasonable accommodations during our recruitment process, please get in touch and let us know at recruiter@janushenderson.com.
All applicants must be willing to comply with the provisions of Janus Henderson Investment Advisory Code of Ethics related to personal securities activities and other disclosure and certification requirements, including past political contributions and political activities. Applicants’ past political contributions or activity may impact applicants’ eligibility for this position.
Janus Henderson is an equal opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. All applications are subject to background checks.
Information Security Governance, Risk, and Compliance (GRC) Specialist employer: LGBT Great
At Janus Henderson Investors, we pride ourselves on fostering a dynamic and inclusive work environment that prioritises employee growth and development. As an Information Security Governance, Risk, and Compliance (GRC) Specialist, you will benefit from our commitment to continuous learning, with access to cutting-edge training programs and a culture that encourages collaboration across departments. Located in a vibrant city, we offer a hybrid working model that supports work-life balance, ensuring that our employees can thrive both personally and professionally.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Governance, Risk, and Compliance (GRC) Specialist
✨Tip Number 1
Network like a pro! Reach out to folks in the cybersecurity field, especially those who work in GRC. Attend industry events or webinars, and don’t be shy about asking for informational interviews. You never know who might have the inside scoop on job openings!
✨Tip Number 2
Show off your skills! Create a portfolio that highlights your experience with risk assessments, policy development, and compliance management. Use real-world examples to demonstrate how you've tackled challenges in the past. This will make you stand out when chatting with potential employers.
✨Tip Number 3
Stay updated on trends! Cybersecurity is always evolving, so keep an eye on the latest threats and technologies. Follow relevant blogs, podcasts, or social media accounts. This knowledge can give you great talking points during interviews and show that you're passionate about the field.
✨Tip Number 4
Apply through our website! We love seeing applications directly from candidates who are excited about joining us. Tailor your application to highlight your experience with frameworks like NIST or ISO/IEC 27001, and let us know how you can contribute to our cybersecurity culture.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in cybersecurity policies and risk management. We want to see how your skills align with the specific requirements of the GRC Specialist role.
Showcase Your Certifications: If you’ve got certifications like CISSP, don’t hold back! Mention them prominently in your application. We love seeing candidates who are committed to their professional development and understand industry standards.
Be Clear and Concise: When writing your application, keep it straightforward. Use bullet points for key achievements and avoid jargon unless it’s relevant. We appreciate clarity and want to quickly grasp your qualifications.
Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy!
How to prepare for a job interview at LGBT Great
✨Know Your Cybersecurity Policies
Before the interview, make sure you’re well-versed in the latest cybersecurity policies and procedures relevant to the role. Familiarise yourself with industry standards like NIST and ISO/IEC 27001, as well as any specific regulations mentioned in the job description. This will show your potential employer that you’re proactive and knowledgeable.
✨Demonstrate Risk Management Skills
Be prepared to discuss your experience with risk assessments and mitigation strategies. Think of specific examples where you identified vulnerabilities and how you addressed them. This will highlight your practical skills and understanding of the importance of risk management in cybersecurity.
✨Engage with Compliance Knowledge
Brush up on compliance management, especially regarding financial service regulations like FCA and SEC. Be ready to talk about how you’ve ensured compliance in previous roles and how you would approach compiling compliance reports. This will demonstrate your ability to navigate complex regulatory environments.
✨Showcase Your Training and Awareness Initiatives
Think about how you’ve contributed to cybersecurity awareness training in the past. Be ready to share ideas on how to foster a culture of cybersecurity within an organisation. This will illustrate your commitment to not just your role, but to the overall security posture of the company.