Cyber Risk, Standards & Governance Lead in London

The TP ICAP Group is a world leading provider of market infrastructure. Our purpose is to provide clients with access to global financial and commodities markets, improving price discovery, liquidity, and distribution of data, through responsible and innovative solutions. Through our people and technology, we connect clients to superior liquidity and data solutions. The Group is home to a stable of premium brands. Collectively, TP ICAP is the largest interdealer broker in the world by revenue, the number one Energy & Commodities broker in the world, the world’s leading provider of OTC data, and an award winning all-to-all trading platform. Founded in London in 1866, the Group operates from more than 60 offices in 27 countries. We are 5,200 people strong. We work as one to achieve our vision of being the world’s most trusted, innovative, liquidity and data solutions specialist.

Role Overview

The Cyber Risk, Standards & Governance Analyst plays a critical role in safeguarding the organization’s technology ecosystem by ensuring that robust cybersecurity policies, standards, and governance frameworks are in place and consistently applied. This position is central to embedding effective cyber risk management practices across the enterprise, enabling secure operations while meeting regulatory and compliance obligations.

You will act as a trusted advisor and connector between security, engineering, risk, and audit teams, ensuring that security requirements are practical, actionable, and aligned with business objectives. By maintaining clear and current standards, driving compliance with industry certifications, and providing oversight on risk remediation, you will help the organization reduce exposure to cyber threats and maintain resilience in an evolving risk landscape.

Why this role matters:

• Ensures that critical assets, data, and systems remain secure against emerging threats.
• Maintains adherence to regulatory requirements and external certifications (ISO 27001, SOC 2), reducing audit findings and reputational risk.
• Provides governance and risk assurance that allows the business to innovate and scale securely.
• Strengthens confidence among clients, regulators, and internal stakeholders by demonstrating a mature and proactive security posture.

Key Responsibilities

• Review, update, and maintain TP ICAP Information Security Policies and Standards in line with Enterprise Risk Management and regulatory requirements.
• Provide guidance on the development, implementation, and communication of Policies and Standards; advise on enhancements or changes.
• Ensure stakeholders understand Policy and Standard requirements and support adoption through granular technology/application-specific controls.
• Coordinate compliance activities for external certifications and audits (e.g., SOC 2, ISO 27001), including audit preparation, reporting, and remediation tracking.
• Provide assurance that key Information Security risks are identified, mitigated, and monitored within the Enterprise Risk Management framework.
• Conduct periodic reviews of Cyber and Information Security risks; prioritize remediation actions based on risk severity.
• Support Enterprise Risk Management activities for the Information Security function, including control attestations, issue/action/event management, and representation in risk committees.
• Assess effectiveness of Information Security controls and track remediation of deficiencies.
• Track, analyze, and report on Key Risk Indicators (KRIs).
• Support the Information Security Committee with inputs and follow-up actions.
• Ensure Information Security projects align with internal standards and are consistently managed and tracked.
• Represent Information Security in Enterprise Risk Management reviews for assets, including inherent risk evaluation, vendor control assessments, and residual risk calculations.
• Execute security-focused risk and gap assessments for IT infrastructure, applications, vendors, and third parties.
• Develop and consult on risk mitigation strategies and coordinate execution globally.
• Provide subject matter expertise on Information Risk to relevant business units.

Experience / Competencies

Essential

• Demonstrated experience in Information Security and Risk Management within complex organizations.
• Ability to make informed decisions and provide consultancy in Information Security and Technology risk domains.
• Proven capability to collate, analyze, and report on Information Security and Technology Risk themes across diverse environments.
• Knowledge of key frameworks and standards: ISO 27001, SOC 2, NIST 800-53, CIS Benchmarks, OWASP.
• Conversant in audit and risk assessment methodologies.
• Extensive IT and Risk Management background.
• Excellent communication and writing skills; ability to interact effectively with senior IT and business stakeholders.
• Proven organizational skills with ability to manage time effectively and work independently.

Desired

• Professional certifications such as CISSP, CISA, CRISC, CEH.
• Experience with GRC platforms and leading governance-related initiatives.
• Prior experience in financial services or other highly regulated industries.
• Degree in Computer Science, Information Security, or related field (preferred but not essential).
• Experience in leading teams or providing oversight on security projects.

Location: UK - 135 Bishopsgate - London