Information Security Governance Risk and

**Information Security Governance Risk & Compliance,**

***Analyst (EMEA)**

**Who we’re looking for**

**About Schroders**

We’re a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.

We have around 6,000 people on six continents. And we’ve been around for over 200 years, but keep adapting as society and technology changes. What doesn’t change is our commitment to helping our clients, and society, prosper.

**The team**

***At Schroders, our IT is not just focused on technology; it's about leveraging cutting-edge technology to solve problems, support the business, and deliver high-quality solutions. We foster a culture of innovation and strive for excellence in everything we do. Our IT function operates globally but is managed locally, allowing us to develop and implement systems and processes across our international offices.

Within Schroders, the Global Information Security function plays a crucial role in ensuring the safe operation of our business in a constantly evolving threat and technological landscape. The function consists of dedicated teams responsible for Cyber Security and Operations, Threat Intelligence, Governance Risk and Compliance, Technology Risk, as well as the Information Security Change Programme. These teams work together to effectively manage the risks to our information assets and enable our business to operate securely.

**What you’ll do**
- Work with the Information Security team to understand and assess effectiveness of controls. Identify and risk rate gaps for treatment
- Translate technical elements and cyber risk into language that the Business can absorb and understand
- Lead the Risk Control Assessment, interview owners, assess levels of risk - Liaise with business and key stakeholders to perform assessments and identify risk
- Perform supply chain due diligence and facilitate the management of findings and communicate issues to stakeholders
- Oversee reporting and MI on progress of risk deduction and remediation - Respond to client security questionnaires, RFP/RFI's, and audit requests
- Where needed, embed local requirements into global processes. Document/Design workflows of various activities to support the Information Security team
- Interpret and perform gap analysis against cyber and data privacy regulations

**The knowledge, experience and qualifications you need**
- Stakeholder engagement is key, forming collaborative working relationships across Information Security and the wider Global Technology teams
- Sound understanding of risk and in particular cyber threats that pose concern to our organisation as well as an appreciation of the regulatory landscape
- Understanding of risks of Cloud Technologies (IaaS, PaaS) and outsourcing (Saas) as well MITRE attack frameworks
- Proven ability to analyse and manage remediation of risks or gaps through to resolution
- Familiar with EU financial regulation, NIST Cybersecurity Framework or ISO27001
- Willingness to learn and develop Governance, Risk and Compliance skillsets
- Continuous improvement mind-set, challenges the status quo and seeks self-improvement
- Strong verbal and written communications skills to effectively communicate security risks, compliance requirements, and recommendations to stakeholders
- Strong organizational skills to manage and prioritize multiple tasks, projects, and deadlines effectively
- Fluent in English

**The knowledge, experience and qualifications that will help**
- Financial Industry background is a plus
- An information security qualification is beneficial (e.g. CISM, CSSP, )

**What you’ll be like**
- Analytical and detail-oriented
- Critical thinker
- Ethical
- Continuous learner
- Collaborative

**We recognise potential, whoever you are**

Our purpose is to provide excellent investment performance to clients through active management. Diversity of thought facilitated by an inclusive culture will allow us to make better decisions and better achieve our purpose. This is why inclusion and diversity are a strategic priority for us and why we are an equal opportunities employer: you are welcome here regardless of your age, disability, gender identity, religious beliefs, sexual orientation, socio-economic background or any other protected characteristics