Information Security Governance, Risk, and Compliance; GRC Specialist

Why work for us?

A career at Janus Henderson is more than a job, it’s about investing in a brighter future together.

Janus Henderson’s mission is to help clients define and achieve superior financial outcomes through differentiated insights, disciplined investments, and world‑class service. We do this by protecting and growing our core business, amplifying our strengths and diversifying where we have the right.

Clients Come First – Always | Execution Supersedes Intention | Together We Win | Diversity Improves Results | Truth Builds Trust

• Develop and maintain comprehensive cybersecurity policies and procedures.
• Ensure these policies align with industry standards and regulatory requirements.
• Assist in the integration of security practices and controls across various technical and non‑technical departments, enhancing workflow and operational processes.

• Conduct regular risk assessments to help identify vulnerabilities and threats.
• Collaborate and oversee the implementation of risk mitigation strategies.
• Monitor emerging threats and evolving technologies to continuously refine risk assessment protocols.
• Design and evaluate control metrics for assessing the effectiveness of cybersecurity measures.
• Collaborate with Enterprise Risk Management to embed cyber risk into broader risk registers and board‑level reporting.

• Monitor and ensure compliance with internal policies, industry standards, and regulatory requirements.
• Engage with required stakeholders in Technology, Legal, Compliance and Internal Audit as required.
• Compile and deliver detailed compliance reports to senior management.
• Monitor upcoming regulations and prepare compliance roadmaps.

• Support and enhance engaging cybersecurity awareness training programs.
• Foster a company‑wide culture of cybersecurity awareness.
• Keep current with the latest cybersecurity trends and best practices to inform training content and security measures.
• Train and guide wider tech team members on best practices in cybersecurity risk management.

• Actively participate in the response to security incidents.
• Support post‑incident evaluations and reporting.
• Collaborate with relevant stakeholders to devise and enforce corrective measures aimed at bolstering defences against future incidents.

• Maintain clear and effective communication with stakeholders at all levels.
• Provide expert guidance on cybersecurity best practices.
• Work collaboratively with Technology and other departments to achieve comprehensive security objectives.

• Bachelor’s Degree in Information Technology, Cybersecurity, or a related field; equivalent work experience also considered.
• 3 to 5 years of professional experience in information security.
• Certification such as Certified Information Systems Security Professional (CISSP) strongly preferred.
• Deep understanding of cybersecurity principles, frameworks (such as NIST, ISO/IEC 27001), and compliance standards.
• Experience with financial service regulations and regulations such as FCA, SEC, MAS, DORA.
• Proficient knowledge of network security principles and controls such as firewalls, IPS/IPD, TCP/IP, DHCP, and DNS.
• Extensive experience in securing operating systems such as Windows, UNIX/Linux and Mac systems, including security access rights, implementing configuration best practices.
• Knowledge of cloud service models (IaaS, PaaS, SaaS) and deployment models (public, private, hybrid, community) and experience in implementing and managing cloud security best practices.
• In‑depth knowledge of IAM principles and technologies to manage digital identities and control user access, and experience with Single Sign‑On (SSO), Multi‑Factor Authentication (MFA), and role‑based access control (RBAC) systems to enhance security and operational efficiency.
• Understanding of Secure Dev Ops/CI/CD pipeline governance.
• No supervisory responsibilities.

You will be expected to understand the regulatory obligations of the firm, and abide by the…