At a Glance
- Tasks: Engage with IT disciplines, manage third-party risks, and enhance supply chain security.
- Company: Join Schroders, a global investment manager with over 200 years of innovation.
- Benefits: Collaborative culture, professional growth, and a commitment to diversity and inclusion.
- Why this job: Make a real impact in cybersecurity while working with cutting-edge technology.
- Qualifications: Strong stakeholder engagement and understanding of cyber risk management.
- Other info: Dynamic team environment with opportunities for continuous learning and development.
The predicted salary is between 36000 - 60000 £ per year.
This is an excellent opportunity for someone who enjoys engaging with a broad range of IT disciplines and stakeholders and thrives in a collaborative team environment. As part of the Cyber Governance and Tech Risk team, reporting to the InfoSec GRC Lead, the successful candidate will be responsible for GRC activities, with a particular emphasis on Third Party Risk Management (TPRM) and Exception Management.
Key responsibilities include:
- Overseeing access management for external staff.
- Supporting the management of third-party cyber incidents within the supply chain.
- Enhancing supporting data related to supply chain risk.
- Managing the Exception Management processes to ensure robust review and effective challenge of approval requests.
What you'll do:
- Work closely with the Global Information Security team to assess the effectiveness of controls, identify gaps, risk rate findings, and support mitigation planning.
- Support the Third-Party Risk Management (TPRM) framework, including the management of escalations and remediation activities.
- Run the exception management processes to ensure issues and approvals are appropriately tracked and reviewed.
- Translate technical cyber risk topics into clear, business-friendly language for non-technical stakeholders.
- Liaise with the business and key stakeholders to perform assessments and identify risk exposures.
- Oversee supply chain due diligence, manage findings, and communicate issues to relevant stakeholders for resolution.
- Ensure that resilience requirements and considerations are appropriately integrated into TPRM activities.
- Oversee reporting and management information (MI) on risk reduction progress and remediation status.
- Respond to client security questionnaires, RFIs, RFPs, and audit requests as needed.
- Document and design workflows to support a range of information security activities.
The knowledge, experience, and qualifications you need:
- Strong stakeholder engagement skills, enabling effective collaboration across Information Security and Global Technology teams.
- Sound understanding of risk management, particularly regarding cyber threats and regulatory requirements, with specific knowledge of cyber TPRM and supply chain risk.
- Demonstrated ability to analyse risks or gaps and manage their remediation through to resolution.
- Proven track record in managing exception requests and effectively articulating risk to the user community.
- Familiarity with the NIST Cybersecurity Framework, ISO27001 and operational resilience.
- Willingness to learn and develop governance, risk, and compliance (GRC) skillsets.
- A continuous improvement mind-set that challenges the status quo and seeks personal development.
- Excellent verbal and written communication skills.
- An information security qualification (such as CISSP, CISM, or similar) is beneficial but not essential.
- Experience with AI tools and ServiceNow is an advantage.
We recognise potential, whoever you are. Our purpose is to provide excellent investment performance to clients through active management. Diversity of thought facilitated by an inclusive culture will allow us to make better decisions and better achieve our purpose. This is why inclusion and diversity are a strategic priority for us and why we are an equal opportunities employer: you are welcome here regardless of your age, disability, gender identity, religious beliefs, sexual orientation, socio-economic background, or any other protected characteristics.
InfoSec GRC Analyst employer: Schroders UK
Contact Detail:
Schroders UK Recruiting Team
StudySmarter Expert Advice
We think this is how you could land InfoSec GRC Analyst
Tip Number 1
Network like a pro! Reach out to folks in the InfoSec and GRC space on LinkedIn or at industry events. A friendly chat can open doors that a CV just can't.
Tip Number 2
Show off your skills! Prepare a portfolio or case studies that highlight your experience with Third Party Risk Management and Exception Management. Real-life examples can make you stand out.
Tip Number 3
Practice makes perfect! Get ready for interviews by rehearsing answers to common questions about risk management and stakeholder engagement. Confidence is key!
Tip Number 4
Apply through our website! It's the best way to ensure your application gets seen by the right people. Plus, it shows you're genuinely interested in joining our team.
Some tips for your application
Tailor Your Application: Make sure to customise your CV and cover letter for the InfoSec GRC Analyst role. Highlight your experience with Third Party Risk Management and any relevant skills that align with the job description. We want to see how you fit into our team!
Showcase Your Communication Skills: Since you'll be translating technical jargon into business-friendly language, it's crucial to demonstrate your communication prowess. Use clear and concise language in your application to reflect this skill. We love a good communicator!
Highlight Stakeholder Engagement Experience: Engagement with various stakeholders is key in this role. Share examples of how you've successfully collaborated with different teams or departments in your previous roles. We value teamwork and collaboration at StudySmarter!
Apply Through Our Website: We encourage you to submit your application through our website. It's the best way for us to receive your details and ensures you're considered for the role. Plus, it's super easy to do!
How to prepare for a job interview at Schroders UK
Know Your GRC Basics
Make sure you brush up on your Governance, Risk, and Compliance (GRC) knowledge, especially around Third Party Risk Management (TPRM). Be ready to discuss how you would assess risks and manage exceptions, as these are key responsibilities in the role.
Engage with Stakeholders
Since this role involves liaising with various stakeholders, practice how you would communicate complex cyber risk topics in a way that's easy for non-technical folks to understand. Think of examples from your past experiences where you've successfully engaged with different teams.
Show Your Problem-Solving Skills
Prepare to discuss specific instances where you've identified gaps in risk management and how you tackled them. Highlight your analytical skills and your ability to translate findings into actionable plans, as this will demonstrate your fit for the role.
Familiarise Yourself with Frameworks
Get comfortable with the NIST Cybersecurity Framework and ISO27001, as well as any operational resilience concepts. Being able to reference these frameworks during your interview will show that you're not just knowledgeable but also serious about the field.