Job Specifications
Job Description
Who we’re looking for
This is an excellent opportunity for someone who enjoys engaging with a broad range of IT disciplines and stakeholders and thrives in a collaborative team environment. As part of the Cyber Governance and Tech Risk team, reporting to the InfoSec GRC Lead, the successful candidate will be responsible for GRC activities, with a particular emphasis on Third Party Risk Management (TPRM) and Exception Management. Key responsibilities include overseeing access management for external staff, supporting the management of third-party cyber incidents within the supply chain, and enhancing supporting data related to supply chain risk. The role will also involve managing the Exception Management processes to ensure robust review and effective challenge of approval requests.
About Schroders
We’re a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.
We have around 5,000 people on six continents. And we’ve been around for over 200 years but keep adapting as society and technology change. What doesn’t change is our commitment to helping our clients, and society, prosper.
The team
At Schroders, our IT is not just focused on technology; it's about leveraging cutting-edge technology to solve problems, support the business, and deliver high-quality solutions. We foster a culture of innovation and strive for excellence in everything we do. Our IT function operates globally but is managed locally, allowing us to develop and implement systems and processes across our international offices.
Within Schroders, the Global Information Security function plays a crucial role in ensuring the safe operation of our business in a constantly evolving threat and technological landscape. The function consists of dedicated teams responsible for Cyber Security and Operations, Threat Intelligence, Governance Risk and Compliance, Technology Risk, as well as the Information Security Change Programme. These teams work together to effectively manage the risks to our information assets and enable our business to operate securely.
What You’ll Do
Work closely with the Global Information Security team to assess the effectiveness of controls, identify gaps, risk rate findings, and support mitigation planning.
Support the Third-Party Risk Management (TPRM) framework, including the management of escalations and remediation activities.
Run the exception management processes to ensure issues and approvals are appropriately tracked and reviewed.
Translate technical cyber risk topics into clear, business-friendly language for non-technical stakeholders.
Liaise with the business and key stakeholders to perform assessments and identify risk exposures.
Oversee supply chain due diligence, manage findings, and communicate issues to relevant stakeholders for resolution.
Ensure that resilience requirements and considerations are appropriately integrated into TPRM activities.
Oversee reporting and management information (MI) on risk reduction progress and remediation status.
Respond to client security questionnaires, RFIs, RFPs, and audit requests as needed.
Document and design workflows to support a range of information security activities.
The Knowledge, Experience, And Qualifications You Need
Strong stakeholder engagement skills, enabling effective collaboration across Information Security and Global Technology teams.
Sound understanding of risk management, particularly regarding cyber threats and regulatory requirements, with specific knowledge of cyber TPRM and supply chain risk.
Demonstrated ability to analyse risks or gaps and manage their remediation through to resolution. Proven track record in managing exception requests and effectively articulating risk to the user community.
Familiarity with the NIST Cybersecurity Framework, ISO27001 and operational resilience.
Willingness to learn and develop governance, risk, and compliance (GRC) skillsets.
A continuous improvement mindset that challenges the status quo and seeks personal development.
Excellent verbal and written communication skills.
An information security qualification (such as CISSP, CISM, or similar) is beneficial but not essential.
Experience with AI tools and ServiceNow is an advantage.
We Recognise Potential, Whoever You Are
Our purpose is to provide excellent investment performance to clients through active management. Diversity of thought facilitated by an inclusive culture will allow us to make better decisions and better achieve our purpose. This is why inclusion and diversity are a strategic priority for us and why we are an equal opportunities employer: you are welcome here regardless of your age, disability, gender identity, religious beliefs, sexual orientation, socio-economic background, or any other protected characteristics.
About the Company
As a global investment manager, we help institutions, intermediaries and individuals across the planet meet their goals, fulfil their ambitions, and prepare for the future. But as the world changes, so do our clients’ needs. That’s why we have a long history of adapting to suit the times and keeping our focus on what matters most to our clients.
Doing this takes experience and expertise. We bring together people and data to spot the trends that will shape the future. This provides a unique perspective which allows us to alw...