Information Security Governance, Risk, and Compliance (GRC) Specialist

Why work for us?

A career at Janus Henderson is more than a job, it’s about investing in a brighter future together.

Our Mission at Janus Henderson is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world-class service. We will do this by protecting and growing our core business, amplifying our strengths and diversifying where we have the right.

Our Values are key to driving our success, and are at the heart of everything we do:

Clients Come First - Always | Execution Supersedes Intention | Together We Win | Diversity Improves Results | Truth Builds Trust

If our mission, values, and purpose align with your own, we would love to hear from you!

Your opportunity

Policy Development And Management

• Develop and maintain comprehensive cybersecurity policies and procedures.
• Ensure these policies align with industry standards and regulatory requirements.
• Assist in the integration of security practices and control across various technical and non-technical departments, enhancing workflow and operational processes.

Risk Management

• Conduct regular risk assessments to help identify vulnerabilities and threats.
• Collaborate and oversee the implementation of risk mitigation strategies.
• Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
• Ability to design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
• Collaborate with Enterprise risk management to embed cyber risk into broader risk registers and board-level reporting.

Compliance Management

• Monitor and ensure compliance with internal policies, industry standards, and regulatory requirement.
• Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required
• Compile and deliver detailed compliance reports to senior management
• Monitor upcoming regulations and prepare compliance roadmaps.

Training And Awareness

• Support and enhance engaging cybersecurity awareness training programs.
• Foster a company-wide culture of cybersecurity awareness.
• Keep current with the latest cybersecurity trends and best practices to inform training content and security measures
• Train and guide wider Tech team members on best practices in cybersecurity risk management.

Incident Management

• Actively participate in the response to security incidents.
• Support post-incident evaluations and reporting.
• Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.

Stakeholder Engagement

• Maintain clear and effective communication with stakeholders at all levels.
• Provide expert guidance on cybersecurity best practices.
• Work collaboratively with Technology and other departments to achieve comprehensive security objective

Must have skills

• Bachelor’s Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
• 3 to 5 years of professional experience in information security.
• Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
• Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
• Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
• Proficient knowledge of network security principles and controls such as Firewalls, IPS/IPD, TCP/IP, DHCP, and DNS
• Extensive experience in securing Operating Systems such as Windows, UNIX/Linux and Mac systems. This includes security access rights, implementing configuration best practices
• Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
• In-depth knowledge of IAM principles and technologies to manage digital identities and control user access and experience with Single Sign-On (SSO), Multi-Factor Authentication (MFA), and role-based access control (RBAC) systems to enhance security and operational efficiency.
• Understanding of Secure DevOps / CI/CD pipeline governance

Supervisory responsibilities

• No

You will be expected to understand the regulatory obligations of the firm, and abide by the regulated entity requirements and JHI policies applicable for your role.

At Janus Henderson Investors we’re committed to an inclusive and supportive environment. We believe diversity improves results and we welcome applications from candidates from all backgrounds. Don’t worry if you don’t think you tick every box, we still want to hear from you! We understand everyone has different commitments and while we can’t accommodate every flexible working request we’re happy to be asked about work flexibility and our hybrid working environment. If you need any reasonable accommodations during our recruitment process, please get in touch and let us know at [email protected].

Janus Henderson (including its subsidiaries) will not maintain existing or sponsor new industry registrations or licenses where not supported by an employee’s job functions (as determined by Janus Henderson at its sole discretion).

All applicants must be willing to comply with the provisions of Janus Henderson Investment Advisory Code of Ethics related to personal securities activities and other disclosure and certification requirements, including past political contributions and political activities. Applicants’ past political contributions or activity may impact applicants’ eligibility for this position. Janus Henderson is an equal opportunity /Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. All applications are subject to background checks.