StoneX

GRC Controls Analyst

Job Locations: IN-KA-Bengaluru
Requisition ID: 2024-12240
Category: Information Technology
Position Type: Experienced Professional

Overview

Connecting clients to markets – and talent to opportunity

 

With 4,300 employees and over 400,000 retail and institutional clients from more than 80 offices spread across five continents, we’re a Fortune-100, Nasdaq-listed provider, connecting clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

 

At StoneX, we offer you the opportunity to be part of an institutional-grade financial services network that connects companies, organizations, and investors to the global markets ecosystem. As a team member, you'll benefit from our unique blend of digital platforms, comprehensive clearing and execution services, personalized high-touch support, and deep industry expertise. Elevate your career with us and make a significant impact in the world of global finance.

 

Corporate: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.

 

Responsibilities

Position Purpose

The Controls Analyst is responsible for evaluating and testing the effectiveness of the organization’s IT and cybersecurity controls. This role involves conducting control assessments, identifying potential weaknesses, and ensuring that security measures comply with regulatory standards and internal policies. The Controls Tester will collaborate with various teams, including IT, Information Security, Internal Audit, and Compliance, to ensure that controls are designed and operating effectively. The ideal candidate will have a strong background in IT risk management, cybersecurity frameworks, and experience performing detailed control testing.

 

Primary Duties

  1. Control Testing and Assessment:
  • Conduct regular testing and validation of IT and information security controls to ensure effectiveness.
  • Review control design and operation, identifying potential gaps or weaknesses in the organization's security framework.
  • Test technical security controls, including access management, network security, encryption, vulnerability management, and incident response measures.
  • Assess the implementation of cybersecurity controls against established frameworks such as NIST, ISO 27001, CIS Controls, and other relevant regulatory requirements.
  • Perform detailed documentation of test procedures, results, and findings.
  2. Compliance and Risk Management:
  • Ensure that IT and cybersecurity controls comply with relevant legal, regulatory, and industry standards (e.g., SOX, GDPR, PCI-DSS, etc.).
  • Collaborate with IT, Information Security, and Risk Management teams to ensure proper implementation and monitoring of controls.
  • Review and analyze IT risk assessments to ensure risks are adequately addressed by existing controls or recommend additional controls if necessary.
  • Support internal and external audits by providing test results, documentation, and evidence of control effectiveness.
  3. Reporting and Recommendations:
  • Prepare detailed reports summarizing test findings, control deficiencies, and potential risks.
  • Provide recommendations for improving the design and implementation of IT and security controls to mitigate risks and enhance the security posture.
  • Track and monitor remediation efforts related to identified control deficiencies or weaknesses.
  • Present testing results and risk findings to senior management and other key stakeholders.
  4. Continuous Improvement and Collaboration:
  • Assist in the development and refinement of control testing methodologies, procedures, and tools.
  • Collaborate with IT and Information Security teams to help improve the overall security and risk management framework.
  • Participate in the ongoing evaluation of emerging cybersecurity risks and evolving regulatory requirements to adjust control testing practices as needed.
  • Provide input on the development and maintenance of security policies, standards, and procedures.

Qualifications

What makes you land in this role

  • Bachelor's degree in Information Technology, Information Security, Computer Science, or a related field.
  • 5 - 10 years of experience in IT risk management, information security, or internal audit with a focus on control testing.
  • Familiarity with cybersecurity frameworks and standards (e.g., NIST, ISO 27001, COBIT, CIS Controls, etc.).
  • Experience testing a wide range of IT controls, including network security, access management, data protection, and system monitoring.
  • Strong understanding of risk management principles and regulatory compliance requirements.
  • Excellent analytical, problem-solving, and communication skills.
  • Proficiency in documenting control assessments and creating reports.

What makes you stand out:

  • Certifications such as Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC).
  • Experience with governance, risk, and compliance (GRC) tools or platforms.
  • Familiarity with cloud security controls and technologies.
  • Knowledge of automated control testing tools and techniques.

#LI-Hybrid #LI-ND1

 
