Senior Analyst - IT GRC (Governance, Risk & Compliance)

Overview

• *Connecting clients to markets – and talent to opportunity.**

With 5,400\+ employees and over 80,000 institutional, commercial, and payments clients, we operate from more than 80 offices spread across six continents. As a Fortune 100, Nasdaq\-listed provider, we connect clients to the global markets – focusing on innovation, human connection, and providing world\-class products and services to all types of investors.

Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, StoneX Group is made up of four business segments that offer endless potential for progression and growth.

• *Business Segment Overview**

• *Commercial**: With boots on the ground authenticity at the heart of everything we do, our comprehensive array of commercial products and services enable you to work directly with our clients, across hedging, risk management, execution and clearing, OTC products, commodity finance and more.

Working within the IT organization and reporting to the Senior Manager, Governance, Risk \& Compliance (GRC), the **IT Risk Management Senior Analyst** supports the execution and continuous improvement of the IT Risk Management Program. The role is responsible for coordinating IT risk management activities, ensuring accurate and timely risk reporting, and providing assurance that technology risks are effectively identified, assessed, monitored, and managed.

The **Senior Analyst** partners with stakeholders across the organization to collect, validate, and analyze risk and control data, enabling informed decision\-making and regulatory compliance. Leveraging expertise in governance, risk, compliance, and information security, the role helps maintain visibility into the organization's technology risk posture, supports compliance with regulatory requirements, and contributes to the effective management of emerging risks, including those associated with digital transformation, Artificial Intelligence, and M\&A activities.

Responsibilities

• Support the day\-to\-day operation and maturity of the IT Risk Management Program.
• Coordinate IT risk assessments, risk reporting, and risk remediation activities.
• Engage stakeholders to ensure risk and control data is complete, accurate, and consistently reported.
• Develop meaningful metrics, dashboards, and reporting to provide management with visibility into the organization's technology risk posture.
• Support compliance with regulatory, legal, and internal policy requirements, including evolving frameworks such as DORA.
• Collaborate with Information Security, Technology, and business teams to identify and assess emerging risks.
• Contribute to the continuous improvement of governance, risk management, and assurance processes.

Qualifications

• **Education**

+ Bachelor's degree in Information Technology, Information Security, Computer Science, Risk Management, Business Administration, or a related field.

+ Master's degree or relevant postgraduate qualification preferred.### **Experience**

+ 4–7 years of experience in IT Risk Management, Information Security, Governance, Risk \& Compliance (GRC), Internal Audit, or a related discipline.

+ Experience performing technology risk assessments, control evaluations, and risk reporting.

+ Familiarity with financial services regulatory environments and technology risk management practices.

+ Experience working with cross\-functional stakeholders to manage risk, compliance, and remediation activities.

+ Experience with GRC platforms and risk management tooling is preferred.### **Technical Knowledge**

+ Strong understanding of IT risk management frameworks and methodologies.

+ Knowledge of industry standards and frameworks such as

• NIST Cybersecurity Framework (CSF),NIST Risk Management Framework (RMF),ISO 27001/27005

+ Understanding of key technology risk domains, including

• Cybersecurity and information security
• Cloud computing
• Third\-party/vendor risk management
• Business continuity and operational resilience
• Artificial Intelligence and emerging technology risks
• Mergers \& Acquisitions (M\&A) technology integration risks### **Certifications (Preferred)**

One or more of the following

+ CRISC (Certified in Risk and Information Systems Control)

+ CISA (Certified Information Systems Auditor)

+ CISSP (Certified Information Systems Security Professional)

+ CGRC (Certified in Governance, Risk and Compliance)

+ CISM (Certified Information Security Manager)

+ ISO 27001 Lead Implementer or Lead Auditor### **Key Competencies**

+ Strong analytical and problem\-solving skills.

+ Ability to translate technical risks into business impact and actionable recommendations.

+ Excellent written and verbal communication skills.

+ Strong stakeholder management and influencing skills.

+ Ability to manage multiple priorities in a fast\-paced and evolving environment.

+ Attention to detail with a focus on data quality, reporting accuracy, and continuous improvement. **Work Arrangement**

+ Hybrid: **4 days'** work from office

+ Business hours: **UK Time Zone**

\#LI\-Hybrid