InfoSec GRC Analyst
Schroders
11 days ago
Role details
Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Job location
Tech stack
Artificial Intelligence
Computer Security
Cybercrime
ServiceNow
Job description
- Work closely with the Global Information Security team to assess the effectiveness of controls, identify gaps, risk rate findings, and support mitigation planning.
- Support the Third-Party Risk Management (TPRM) framework, including the management of escalations and remediation activities.
- Run the exception management processes to ensure issues and approvals are appropriately tracked and reviewed.
- Translate technical cyber risk topics into clear, business-friendly language for non-technical stakeholders.
- Liaise with the business and key stakeholders to perform assessments and identify risk exposures.
- Oversee supply chain due diligence, manage findings, and communicate issues to relevant stakeholders for resolution.
- Ensure that resilience requirements and considerations are appropriately integrated into TPRM activities.
- Oversee reporting and management information (MI) on risk reduction progress and remediation status.
- Respond to client security questionnaires, RFIs, RFPs, and audit requests as needed.
- Document and design workflows to support a range of information security activities.
Requirements
Do you have experience in supply chain?
- Strong stakeholder engagement skills, enabling effective collaboration across Information Security and Global Technology teams.
- Sound understanding of risk management, particularly regarding cyber threats and regulatory requirements, with specific knowledge of cyber TPRM and supply chain risk.
- Demonstrated ability to analyse risks or gaps and manage their remediation through to resolution. Proven track record in managing exception requests and effectively articulating risk to the user community.
- Familiarity with the NIST Cybersecurity Framework, ISO27001 and operational resilience.
- Willingness to learn and develop governance, risk, and compliance (GRC) skillsets.
- A continuous improvement mindset that challenges the status quo and seeks personal development.
- Excellent verbal and written communication skills.
- An information security qualification (such as CISSP, CISM, or similar) is beneficial but not essential.
- Experience with AI tools and ServiceNow is an advantage.
About the company
About Schroders
We're a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.
We have around 5,000 people on six continents. We've been around for over 200 years, but we keep adapting as society and technology change. What doesn't change is our commitment to helping our clients, and society, prosper.
The team
At Schroders, our IT is not just focused on technology; it's about leveraging cutting-edge technology to solve problems, support the business, and deliver high-quality solutions. We foster a culture of innovation and strive for excellence in everything we do. Our IT function operates globally but is managed locally, allowing us to develop and implement systems and processes across our international offices.
Within Schroders, the Global Information Security function plays a crucial role in ensuring the safe operation of our business in a constantly evolving threat and technological landscape. The function consists of dedicated teams responsible for Cyber Security and Operations, Threat Intelligence, Governance Risk and Compliance, Technology Risk, as well as the Information Security Change Programme. These teams work together to effectively manage the risks to our information assets and enable our business to operate securely.