Connecting clients to markets – and talent to opportunity

With 5,400+ employees and over 80,000 institutional, commercial, and payments clients, we operate from more than 80 offices spread across six continents. As a Fortune 100, Nasdaq-listed provider, we connect clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors.

Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, StoneX Group is made up of four business segments that offer endless potential for progression and growth.

Business Segment Overview: Engage in a deep variety of business-critical activities that keep our company running efficiently. From strategic marketing and financial management to human resources and operational oversight, you’ll have the opportunity to optimize processes and implement game-changing policies.

Position Purpose: Working within the IT organization and reporting to the Senior Manager of GRC, the Senior IT GRC Risk Analyst leads and supports IT and information security risk and assurance activities. The role focuses on performing and reviewing risk assessments, identifying and evaluating risk scenarios, and supporting ongoing risk management efforts. The Senior Analyst analyzes data from multiple systems to assess control effectiveness and produces risk-based reporting that informs leadership on risk posture, emerging issues, and the overall effectiveness of the Information Security program. 

Primary duties will include:

• Lead the identification, assessment, and ongoing monitoring of IT and information security risks, ensuring risks are evaluated in the context of business objectives and risk appetite.

• Analyze risk scenarios, emerging technology and cyber threats, and control effectiveness to support risk-informed decision-making and prioritization.

• Perform and oversee IT and cyber risk and control assessments, including evaluating control design and operating effectiveness for key systems and processes.

• Identify control weaknesses and risk issues, assess potential impact and likelihood, and recommend appropriate risk treatment options.

• Determine when control deficiencies and issues meet defined risk thresholds and ensure risks are accurately recorded and maintained in the risk register.

• Monitor and challenge remediation activities, tracking risk reduction and residual risk through to closure.

• Provide clear, risk-based reporting and insights to leadership and governance forums on risk posture, trends, and material exposures.

• Collaborate with internal audit, external audit, and other assurance functions to align risk assessments, evidence standards, and issue management outcomes

To land this role you will need:

• Proven experience leading IT and cyber risk assessments, including evaluating control design and operating effectiveness, identifying control gaps, and maintaining accurate risk register documentation aligned to defined risk thresholds.
• Strong analytical capability to assess complex risk scenarios, emerging technology and cyber threats, and control effectiveness, translating findings into clear, risk-informed recommendations that support business decision-making and prioritization.
• Demonstrated ability to challenge and track remediation activities through to closure, while delivering concise, risk-based reporting to leadership and collaborating effectively with internal and external assurance stakeholders.

Education / Certificates:

• Bachelor's degree
• CISSP or CISM (not mandatory)

Working environment:

• Hybrid; our Cracow office is located at Mogilska 35 street.
• Parking space for employees.

#LI-Hybrid #LI-MA1