GRC Analyst

Manchester or London (Hybrid), United Kingdom

Applications have closed

AJ Bell

AJ Bell is a low cost, award-winning platform for the DIY investor. Learn more about our SIPP, ISA, junior ISA and Dealing account.

Job Description

We are now looking for a GRC Analyst to support the GRC Manager in managing and reporting the Information Security Risks faced by Technology Services and Business teams in delivering AJ Bell’s systems and services. The Information Security GRC function works with the business and the wider information security team to ensure the appropriate controls, policies and procedures are in place to protect AJ Bell in line with industry best practice and regulatory legislation. In addition, this role will be responsible for coordinating and responding to activities affiliated with external/internal IT audits as well as due diligence exercises requested by our external business partners and those we perform on our suppliers.

The key responsibilities of the role are:

  • Demonstrated expertise in implementing risk frameworks and applying risk management principles.
  • Ensure continuous alignment with business strategy through oversight of the IT General Controls framework, activities, and processes, including comprehensive metrics and reporting.
  • Work with multiple process owners and risk leads to perform gap analysis and risk assessments to propose strategies on risk remediation.
  • Support the wider GRC function, such as 3rd party risk and supplier due diligence
  • Regular reporting on GRC key risk and key performance indicators, including regular review of remediation activities
  • Engaging with stakeholders across the business, including learning and development teams and senior stakeholders to define and communicate key cyber security culture and awareness training
  • Support teams on the provision of evidence and communication with auditors
  • Work to ensure risks are managed within risk appetite and findings are closed within an agreed timeframe.
  • Support alignment and reviews of our maturity against security frameworks as agreed with the CISO, such as NIST CSF and ISO 27001/2
  • Perform any other GRC duties and responsibilities, as assigned.

Knowledge & Skills

  • Experience in security governance, risk, and compliance or related.
  • Broad and solid understanding of cyber security concepts and risks.
  • Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.
  • Demonstrable knowledge in the assessment of third-party suppliers.
  • Experience in drafting security policies and procedures
  • Strong analytical thinking, written, and oral communication skills.
  • Effective communication skills, both written and verbal
  • Ability to plan, take ownership, organise and follow through on assigned tasks and complete with little or no prompting from management
  • Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved

About us:

AJ Bell is one of the fastest-growing investment platform businesses in the UK offering an award-winning range of solutions that caters for everyone, from professional financial advisers, to DIY investors with little to no experience. We have over 484,000 customers using our award-winning platform propositions to manage assets totalling more than £76.2 billion. Our customers trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures.

Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.

Headquartered in Manchester with offices in central London and Bristol, we now have over 1300 employees and have been named one of the UK's 'Best 100 Companies to Work For' for six consecutive years.

What we offer:

  • Starting salary of £50,000 - £65,000 (DOE)
  • Generous holiday allowance increasing up to 31 days with service, plus bank holidays
  • Holiday buy/sell scheme
  • Hybrid working policy
  • Casual dress code
  • Discretionary bonus
  • Contributory pension scheme
  • Healthcare Cash Plan
  • Dedicated time for proof-of-concepts and assessing new tech
  • Support to attend conferences, events, and meet-ups
  • Buy as you earn share scheme
  • Free annual share scheme
  • Paid study support for qualifications
  • Enhanced maternity/paternity scheme from day one
  • Bike loan
  • Season ticket loan portal
  • Discounted PMI and Dental
  • Free gym
  • Paid volunteering opportunities, free social events and more

AJ Bell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and all employees are empowered to bring their whole self to work.

We do not discriminate on the basis of race, sex, gender identity, sexual orientation, age, pregnancy, religion, physical and mental disability, marital status and any other characteristics protected by the Equality Act 2010. All decisions to hire are based on qualifications, merit and business need.

Tags: Audits CISO Compliance Governance ISO 27001 NIST Risk assessment Risk management SOC Strategy

Perks/benefits: Career development Conferences Flex vacation Salary bonus Team events

Region: Europe
Country: United Kingdom