Connecting clients to markets – and talent to opportunity.

With 4,500+ employees and over 300,000 commercial, institutional, payments, and retail clients, we operate from more than 70 offices spread across six continents. As a Fortune 100, Nasdaq-listed provider, we connect clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, StoneX Group is made up of four business segments that offer endless potential for progression and growth.

Position Purpose: Reporting to the Manager of Governance, Risk Compliance (GRC), the Governance, Risk & Compliance Senior Analyst supports daily assurance operations related to policy compliance, governance, and risk management. You will gather data from multiple systems to report on the Information Security program's effectiveness. Engage with business personnel to ensure that IT risks are managed. Use your security expertise to help the team achieve Governance, Risk, and Compliance goals, providing a comprehensive view of compliance with the Information Security program, policies, and practices.

Primary duties will include: 

• You will engage business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your experience and knowledge of security in working with a team to deliver on Governance, Risk and Compliance goals related to developing the complete perspective for operational and management visibility of overall compliance to the Information Security program, policies, and practices.
• Coordinate the development of best practice policies and standards based on various governance frameworks
• Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
• Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.
• Develop and lead information security awareness and training initiatives, including phishing exercises.
• Develop and implement relevant cyber and IT risk metrics and reporting to management and risk committees.
• Develop and manage an information security risk register to address risk issues and action plans from all sources, e.g., IT audit, technology risk assessments, vulnerability scans, penetration testing, etc.
• Implement GRC software platform for policy administration, compliance and risk management.
• Coordinate information security internal audit, external audit, regulatory and SOX reviews to help represent the company from an information security and technology risk perspective.
• Coordinate responses to RFI\RFPs and client security related questionnaires.
• Establish a compliance management framework to manage all ‘third line of defense’ reviews and results.
• Maintain an up-to-date understanding of emerging trends in information security risks, and new techniques and trends, in-line with overall information security objectives and risk tolerance.
• Coordinate with legal, compliance functions to ensure proper implementation of data privacy legislation and disclosure
• Identify, analyze, respond to and monitor IT risk.
• Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
• Conduct third part vendor risk assessments, make recommendations and perform periodic reviews.
• Manage tracking of identified findings and actions to closure and reporting to leadership.
• Develop and maintain a Cyber and IT Control Framework.
• Develop a Cyber and IT controls catalog to align with the organization's risk appetite and tolerance levels to support business objectives.
• Ensure all controls are assigned control owners to establish accountability.
• Design and implement Cyber and IT controls assessment and assurance process to ensure controls function effectively and efficiently.

To land this role you will need:

• Minimum over 5 years of relevant experience, preferably in financial services.
• Strong background in information technology with a clear understanding of the challenges of information security.
• Demonstrated understanding of secure, complex information systems’ environment in a global financial service sell side environment.
• Relevant experience in the GRC space.
• Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
• Direct experience with regulatory compliance reviews and examinations.
• Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
• Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
• Ability to influence others.
• Team player with the ability to work independently.
• Resourceful, energetic, self-starter, flexible, goal-oriented
• Strong personal integrity.

What makes you stand out:  

• Project and program management skills.
• Excellent leadership and teamwork skills.

Education / Certification Requirements: 

• Bachelor’s degree. Master’s degree a plus.
• Preferred candidates will possess current Information Security Certifications (e.g., CISSP, CISM, CISA, or related).

Working environment:

• Hybrid; our Cracow office is located at Mogilska 35 street.
• Parking space for employees.

#LI-Hybrid #LI-MA1