GRC Manager - 1 year FTC

The GRC Manager is responsible for the overall execution of Trayport’s Information Security Governance, Risk and Compliance programme under the guidance of the Head of Information Security. The role will primarily entail managing policies & standards including Training & Awareness deliverables, performing risk assessments, tracking security risks of the Information Security Office and organisation as well as maintaining and managing the ISO27001 certification and ensuring governance & reporting on outputs and risk posture to stakeholder groups.

Primary Responsibilities

• Execute the UK and EU GRC Strategy, ensuring compliance with GDPR, UK Data Protection Act 2018, and other regional privacy laws.
• Maintain information security policy and security standards.
• Oversee risk management processes including risk identification, assessment, controls, weaknesses, mitigation and reporting.
• Develop and deliver concise, data driven risk and compliance reporting for senior management/stakeholders, highlighting trends, emerging risks & mitigation strategies.
• Manage and support audits including customer, internal and external (standards auditors) including preparation, execution and remediation tracking.
• Maintain documentation and evidence of certifications and attestations.
• Maintain key standards such as ISO 27001, adding business value.
• Recruit, manage, coach and develop the Risk & Compliance team, setting clear goals & objectives, cultivating an inclusive culture of accountability, continuous learning and collaboration.
• Proactively participate as a senior member and leader within the ISO leadership team contributing to overall strategy, engagement, team dynamic and programmes within ISO.
• Act as a trusted advisor to executive and SME stakeholders, providing actionable insight and guidance to support risk-aware decision making.
• Partner with Legal, Privacy, Procurement, Development, IT and other functions to embed security, governance and compliance into products, systems, processes and services.
• Champion and scale security awareness and governance training programs to build a strong, security-first culture across Trayport.
• Own the development, communication and maintenance of security policies, ensuring alignment with evolving threats and compliance needs.
• Maintain Key Performance Indicator reports summarising the status of identified security issues.

Additional Responsibilities

• Build relationships with teams across Trayport and TMX Group to ensure smooth execution of the security requirements across disciplines.
• Represent Trayport security requirements in TMX central quorum forums such as AI Committee, Business Continuity & Operational Resilience and Risk/Compliance Boards.
• Ability to influence and gain credibility with the business teams across the organisation.
• Keep up to date with emerging legal, regulatory and industry standards.
• Liaise with external suppliers to ensure smooth delivery of their work.

Required Skills

• Good knowledge of ISO 27001, NIST CSF, NIS 2.0 Legal and Regulatory requirements across UK and Europe incl. GDPR.
• Supporting knowledge of CIS controls.
• Familiarity with cloud platforms: AWS, Azure or GCP.
• Track record of delivering actionable risk reporting and advisory support to executive teams, influencing strategic decision-making.
• Experience in leading customer audits and managing audit responses.
• Excellent communication skills (oral and written), with the ability to present complex risk and compliance information clearly to senior leadership and stakeholders.
• Strong analytical and critical thinking skills, capable of identifying risks, evaluating controls, and recommending effective mitigation strategies.
• Detail-oriented with proactive approach to risk and compliance.
• Proven ability to balance control and creativity with problem solving abilities - tailoring governance frameworks that fit the business.
• Experience in integrating risk management processes into business operations, including supplier and third-party risk assessments.
• Agile and self-motivated learner.
• Teamwork - able to work with other people in a collaborative manner.
• Pragmatism - able to identify compromises that meet multiple, sometimes conflicting, stakeholder needs.
• Ability to work independently and influence cross-functional teams.

Required Qualifications

• Bachelors level degree.

Desirable Qualifications

• ISO27001 Lead Implementer or Lead Auditor.
• Certified Information Systems Auditor (CISA) - ISACA.
• Certified Information Security Manager (CISM) - ISACA.
• CompTIA Security+.
• ITIL, COBIT or similar governance frameworks.
• Other relevant certifications in cyber security or IT governance.

Trayport is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require it.