Information Security Governance, Risk, and Compliance (GRC) Specialist

Janus Henderson AAA CLO ETF

London

On-site

GBP 50,000 - 70,000

Full time

30+ days ago

Job summary

A leading financial services company in London is seeking an experienced Information Security Governance, Risk, and Compliance (GRC) Specialist to join their team. You will be responsible for developing cybersecurity policies, conducting risk assessments, and ensuring compliance with industry regulations. The ideal candidate will have a Bachelor's degree in Information Technology or Cybersecurity, strong experience in information security, and relevant certifications. This position offers a dynamic environment where you can contribute to enhancing cybersecurity practices.

Qualifications

  • 3 to 5 years of professional experience in information security.
  • Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
  • Experience with financial service regulations.

Responsibilities

  • Develop and maintain cybersecurity policies and procedures.
  • Conduct regular risk assessments to identify vulnerabilities.
  • Support and enhance cybersecurity awareness training programs.

Skills

Cybersecurity principles
Compliance management
Risk assessment
Network security principles
Cloud security best practices
IAM principles

Education

Bachelor’s Degree in Information Technology or Cybersecurity

Tools

Firewall
Single Sign-On (SSO)
Multi-Factor Authentication (MFA)

Job description

Information Security Governance, Risk, and Compliance (GRC) Specialist

City: London

Division: Information Security

We are seeking an experienced Information Security Governance, Risk, and Compliance (GRC) Specialist to join our team.

Our Mission at Janus Henderson is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world-class service.

Our Values are key to driving our success, and are at the heart of everything we do: Clients Come First - Always | Execution Supersedes Intention | Together We Win | Diversity Improves Results | Truth Builds Trust

Responsibilities
  • Develop and maintain comprehensive cybersecurity policies and procedures.
  • Ensure these policies align with industry standards and regulatory requirements.
  • Assist in the integration of security practices and control across various technical and non-technical departments, enhancing workflow and operational processes.
  • Conduct regular risk assessments to help identify vulnerabilities and threats.
  • Collaborate on and oversee the implementation of risk mitigation strategies.
  • Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
  • Design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
  • Collaborate with Enterprise risk management to embed cyber risk into broader risk registers and board-level reporting.
Compliance Management
  • Monitor and ensure compliance with internal policies, industry standards, and regulatory requirements.
  • Engage with stakeholders in Technology, Legal, Compliance and Internal Audit as required.
  • Compile and deliver detailed compliance reports to senior management.
  • Monitor upcoming regulations and prepare compliance roadmaps.
Training and Awareness
  • Support and enhance engaging cybersecurity awareness training programs.
  • Foster a company-wide culture of cybersecurity awareness.
  • Keep current with the latest cybersecurity trends and best practices to inform training content and security measures.
  • Train and guide wider Tech team members on best practices in cybersecurity risk management.
  • Actively participate in the response to security incidents.
  • Support post-incident evaluations and reporting.
  • Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.
Requirements
  • Bachelor’s Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
  • 3 to 5 years of professional experience in information security.
  • Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
  • Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
  • Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
  • Proficient knowledge of network security principles and controls such as Firewalls, IPS/IPD, TCP/IP, DHCP, and DNS.
  • Extensive experience in securing Operating Systems such as Windows, UNIX/Linux and Mac systems.
  • Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
  • In-depth knowledge of IAM principles and technologies to manage digital identities and control user access and experience with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) systems to enhance security and operational efficiency.
  • Understanding of Secure DevOps / CI/CD pipeline governance.