IT Governance Risk & Compliance Analyst

Job Description

Position Purpose: Working within the IT organization and reporting to the Manager of IT Vendor Risk Management, the Analyst is responsible to help support the day-to-day operations related to the Vendor Risk Management Program. You will assist with vendor risk analysis to ensure vendors have the proper cyber and data protection controls to minimize exposure risk to the firm.

Primary Accountabilities/Responsibilities: 

  • Respond to incoming requests for vendor assessment submitted by business owners.
  • Analyze and assess the initial scope of exposure by meeting with business owners.
  • Coordinate all information and document gathering with vendor point of contact.
  • Review and analyze all vendor submitted evidence and artifacts to determine control posture.
  • Finalize and issue recommendation and net risk score.
  • Work with legal contracts team to assist with finalizing agreement to include appropriate security and data protection language.
  • Tag vendor with appropriate risk tier to determine next reassessment date.
  • Monitor vendors in Security Scorecard for real time monitoring and remediation follow up.
  • Work with vendors to remediate BitSight or Security Scorecard vulnerabilities.
  • Manage VRM lifecycle within the vendor risk management platform.
  • Ensure that all policies and standards are regularly reviewed and updated to be in line with regulatory and control requirements.
  • Design and implement an effective exception process to facilitate and manage requests for non-compliance with policies and standards.
  • Coordinate with legal, compliance functions to ensure proper implementation of data privacy legislation and disclosure.
  • Ensure that risk factors and events are addressed in a cost-effective manner and in line with business objectives.
  • Manage tracking of identified findings and actions to closure and reporting to leadership.
  • Ability to step into a team lead role in the future.

Job Requirements:

  • Bachelor’s degree.
  • Minimum of 2 to 5 years of relevant experience, preferably in financial services.
  • Strong background in information technology with a clear understanding of the challenges of information security.
  • Relevant experience in the GRC or Vendor Risk Management space. Good understanding of information security risk management frameworks such as ISO 27001, COBIT, NIST, NIST 800-53, etc.
  • Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
  • Excellent leadership and teamwork skills.
  • Team player with the ability to work independently.
  • Resourceful, energetic, self-starter, flexible, goal-oriented.
  • Strong personal integrity.

Preferred Qualifications:

  • Master’s degree
  • Experience having implemented or worked with OneTrust Vendor Risk Management solution.
  • Experience with Security Scorecard.
  • Demonstrated understanding of secure, complex information systems’ environment in a global financial service sell side environment.
  • Direct experience with regulatory compliance reviews and examinations.
  • Current Information Security Certification (e.g. CISSP, CISM, CISA, or related security certification) preferred.
  • Project and program management skills.
  • Experience working with the ServiceNow vendor risk management module preferred.
  • Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants and senior management.
  • Ability to influence others.

Physical Requirements/Working Conditions:

  • Climate controlled office environment
  • Minimal physical requirements other than occasional light lifting of boxed materials
  • Dynamic, time-sensitive environment

About Us

StoneX (formerly known as INTL FCStone) is an institutional-grade financial services network that connects companies, organizations and investors to the global markets ecosystem through a unique blend of digital platforms, end-to-end clearing and execution services, high-touch service and deep expertise. We provide access to 36 derivatives exchanges, 175 foreign exchange markets, nearly every global securities marketplace and a number of bi-lateral liquidity venues. We deliver this access with support throughout the entire lifecycle of a trade – from consulting and “boots-on-the-ground” intelligence, to best execution, to post-trade clearing, custody and settlement. In these ways, StoneX enables clients to use the global markets ecosystem to achieve their business goals through one trusted partner. We currently serve more than 30,000 commercial, institutional and payments clients, and more than 125,000 retail clients across more than 130 countries. Our clients use our institutional-grade digital platforms, our high-touch service, and our market intelligence to pursue trading opportunities, make investments efficiently, manage their market risks, and improve their business performance. Our relentless focus on helping them accomplish these objectives has enabled us to build deeply valued, long-term relationships based on guidance, integrity, transparency and trust.
StoneX Group Inc. is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Job Identification : 2043
