Governance Risk & Compliance Senior Analyst

Overview

Connecting clients to markets – and talent to opportunity

With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we’re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

At StoneX, we offer you the opportunity to be part of an institutional-grade financial services network that connects companies, organizations, and investors to the global markets ecosystem. As a team member, you'll benefit from our unique blend of digital platforms, comprehensive clearing and execution services, personalized high-touch support, and deep industry expertise. Elevate your career with us and make a significant impact in the world of global finance.

Business Segment Overview: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.

Responsibilities

Position Purpose: Reporting to the Manager of Governance, Risk Compliance (GRC), the Governance, Risk & Compliance Senior Analyst supports daily assurance operations related to policy compliance, governance, and risk management. You will gather data from multiple systems to report on the Information Security program's effectiveness. Engage with business personnel to ensure that IT risks are managed. Use your security expertise to help the team achieve Governance, Risk, and Compliance goals, providing a comprehensive view of compliance with the Information Security program, policies, and practices.

Primary duties will include: 

• You will engage business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your experience and knowledge of security in working with a team to deliver on Governance, Risk and Compliance goals related to developing the complete perspective for operational and management visibility of overall compliance to the Information Security program, policies, and practices.
• Coordinate the development of best practice policies and standards based on various governance frameworks
• Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
• Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.
• Develop and lead information security awareness and training initiatives, including phishing exercises.
• Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees.
• Develop and manage an information security risk register to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc.
• Implement GRC software platform for policy administration, compliance and risk management.
• Coordinate information security internal audit, external audit, regulatory and SOX reviews to help represent the company from an information security and technology risk perspective.
• Coordinate responses to RFI\RFPs and client security related questionnaires.
• Establish a compliance management framework to manage all ‘third line of defense’ reviews and results.
• Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.
• Coordinate with legal, compliance functions to ensure proper implementation of data privacy legislation and disclosure
• Identify, analyze, respond to and monitor IT risk.
• Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
• Conduct third part vendor risk assessments, make recommendations and perform periodic reviews.
• Manage tracking of identified findings and actions to closure and reporting to leadership.
• Develop and maintain a Cyber and IT Control Framework.
• Develop a Cyber and IT controls catalog to align with the organization's risk appetite and tolerance levels to support business objectives.
• Ensure all controls are assigned control owners to establish accountability.
• Design and implement Cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently.

Qualifications

To land this role you will need:

• Minimum over 5 years of relevant experience, preferably in financial services.
• Strong background in information technology with a clear understanding of the challenges of information security.
• Demonstrated understanding of secure, complex information systems’ environment in a global financial service sell side environment.
• Relevant experience in the GRC space.
• Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
• Direct experience with regulatory compliance reviews and examinations.
• Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
• Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
• Ability to influence others.
• Team player with the ability to work independently.
• Resourceful, energetic, self-starter, flexible, goal-oriented
• Strong personal integrity.

What makes you stand out:  

• Project and program management skills.
• Excellent leadership and teamwork skills.

Education / Certification Requirements: 

• Bachelor’s degree. Master’s degree a plus.
• Preferred candidates will possess current Information Security Certifications (e.g., CISSP, CISM, CISA, or related).

Working environment:

• Hybrid; our Cracow office is located at Mogilska 35 street.
• Parking space for employees.

#LI-Hybrid #LI-MA1