Information Security GRC Manager

Hybrid - WFH/Manchester, United Kingdom

Applications have closed

AJ Bell

AJ Bell is a low cost, award-winning platform for the DIY investor. Learn more about our SIPP, ISA, junior ISA and Dealing account.

Job Description

To support the Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services and Business teams in delivering AJ Bell’s systems and services. 

This role is responsible for the delivery of ongoing governance, risk and compliance activities related to Information Security.

The Information Security GRC Manager will work with the business and the wider information security team to ensure the appropriate controls, policies and procedures are in place to protect AJ Bell in line with industry best practice and regulatory legislation.

In addition, this role will be responsible for coordinating and responding to activities affiliated with external/internal IT audits as well as due diligence exercises requested by our external business partners and those we perform on our suppliers.

The key responsibilities of the role are:

  • Development and delivery of information security policy aligned to industry recognised frameworks (typically ISO27001/2)
  • Exception to policy process development, management, and reporting
  • Management reporting on the status of Information Security and the security change programme.
  • Partner with Business and Technology teams to develop and track remediation plans for identified risks and issues.
  • Supporting and developing the evaluation of the security posture for key Third Parties, to ensure that they are in line with the desired security posture required by AJ Bell.
  • Undertaking risk profiling of AJ Bell’s information and technology assets
  • Define and deliver a holistic, ongoing security awareness programme targeting all levels of the business

Technical Skills:

  • Strong understanding and knowledge of Information Security risk management tools and techniques
  • Experience of Information Security standards and frameworks
  • Awareness and understanding of the Information Security threat landscape
  • Awareness of Information Security solutions e.g. email / web gateways, SIEM, Endpoint protection etc.
  • Strong understanding of IT General Controls frameworks
  • Awareness of Operational Risk Management and Risk & Control Self-Assessment (RCSA) processes

Competence, knowledge and skills

Competence

  • Experience working within recognised Information Security frameworks and best practices such as ISO27001, NIST etc.
  • Minimum 5 years’ experience in an Information Security role gained in a financial services environment is preferred

Knowledge & Skills

  • Self-motivated, professional, tenacious and enthusiastic
  • Strong ownership of tasks, attention to detail and following through to conclusion
  • Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
  • Ability to work under own initiative to plan and communicate effectively with colleagues and customers
  • Structured, self-starting, flexible and enjoys working in fast-paced environments
  • Effective communication skills, both written and verbal
  • Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
  • Ability to learn and develop new skills and take on new challenges
  • Excellent attention to detail
  • Attained or working towards CISM certification

About us:

AJ Bell is one of the UK’s largest and best-regarded investment platforms. Over 440,000 customers currently trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures. From our offices in Manchester, London and Bristol, we offer an award-winning range of solutions that caters for everyone, from professional financial advisers, to DIY investors with little to no experience.

There are opportunities for growth and professional development for members wanting to progress within their career, including induction training and our study support scheme, which is part of our benefits package.

At AJ Bell you can expect a friendly working environment with a strong sense of teamwork. We have a great sense of pride in what we do, and this is reflected in our guiding principles.

What we offer:

  • Competitive starting salary
  • Generous holiday allowance increasing up to 30 days with service, plus bank holidays
  • Holiday buy/sell scheme
  • Hybrid working policy
  • Casual dress code
  • Discretionary bonus
  • Contributory pension scheme
  • Dedicated time for proof-of-concepts and assessing new tech
  • Support to attend conferences, events, and meet-ups
  • Buy as you earn share scheme
  • Free share scheme
  • Paid study support for qualifications
  • Enhanced maternity/paternity scheme from day one
  • Bike loan
  • Season ticket loan portal
  • Discounted PMI and Dental
  • On-site gym and personal trainer led classes
  • Paid volunteering opportunities
  • Free social events and more

AJ Bell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and all employees are empowered to bring their whole self to work.

We do not discriminate on the basis of race, sex, gender identity, sexual orientation, age, pregnancy, religion, physical and mental disability, marital status and any other characteristics protected by the Equality Act 2010. All decisions to hire are based on qualifications, merit and business need.

Tags: Audits CISM CISO Compliance Governance ISO 27001 NIST Risk management SIEM Strategy

Perks/benefits: Career development Competitive pay Conferences Fitness / gym Flex hours Flex vacation Parental leave Team events

Regions: Remote/Anywhere Europe
Country: United Kingdom