Job Description
We're now recruiting an Information Security GRC Manager to support the Senior Manager and Chief Information Security Officer in managing and reporting the Information Security Risks faced by Technology Services and Business teams in delivering AJ Bell’s systems and services.
The Information Security GRC Manager will work with the business and the wider information security team to ensure the appropriate controls, policies and procedures are in place to protect AJ Bell in line with industry best practice and regulatory legislation.
In addition, this role will support the coordination of, and response to, activities associated with external/internal IT audits, as well as due diligence exercises requested by our external business partners and those we perform on our suppliers.
The key responsibilities of the role are:
1. Development and delivery of information security policy aligned to industry recognised frameworks (typically ISO27001/2)
2. Exception to policy process management and reporting
3. Management reporting on the status of Information Security and the security change programme.
4. Partner with Business and Technology teams to develop and track remediation plans for identified risks and issues.
5. Supporting and developing the evaluation of the security posture for key Third Parties, to ensure that they are in line with the desired security posture required by AJ Bell.
6. Undertaking risk profiling of AJ Bell’s information and technology assets
7. Ensure that all duties are carried out with the aim of protecting customers and improving customer experience.
8. Supporting and enabling the business to achieve its regulatory requirements, including consumer duty.
Technical skills
1. Strong understanding and knowledge of Information Security risk management tools and techniques
2. Experience of Information Security standards and frameworks
3. Awareness and understanding of the Information Security threat landscape
4. Awareness of Information Security solutions e.g. email / web gateways, SIEM, Endpoint protection etc.
5. Strong understanding of IT General Controls frameworks
6. Awareness of Operational Risk Management and Risk & Control Self-Assessment (RCSA) processes
Competence, knowledge and skills
1. Experience working within recognised Information Security frameworks and best practices such as ISO27001, NIST etc.
2. Minimum 5 years’ experience in an Information Security role gained in a financial services environment is preferred
3. Self-motivated, professional, tenacious and enthusiastic
4. Strong ownership of tasks, attention to detail and following through to conclusion
5. Ability to challenge approach, strategy and implementation to ensure Information Security is consistently considered and improved
6. Ability to work under own initiative to plan and communicate effectively with colleagues and customers
7. Structured, self-starting, flexible and enjoy working in fast-paced environments
8. Effective communication skills, both written and verbal
9. Ability to plan, organise and follow through on assigned tasks and complete with little or no prompting from management
10. Ability to learn and develop new skills and take on new challenges
11. Excellent attention to detail
12. Attained or working towards CISM certification
About Us
AJ Bell is one of the fastest-growing investment platform businesses in the UK offering an award-winning range of solutions that caters for everyone, from professional financial advisers to DIY investors with little to no experience. We have over 644,000 customers using our award-winning platform propositions to manage assets totalling more than £103.3 billion. Our customers trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures.
Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.
Headquartered in Manchester with offices in central London and Bristol, we now have over 1,500 employees and have been named one of the UK's 'Best 100 Companies to Work For' for six consecutive years, and in 2024 and 2025 were named a Great Place to Work®.
At AJ Bell you can expect a friendly working environment with a strong sense of teamwork. We have a great sense of pride in what we do, and this is reflected in our guiding principles.
What we offer:
1. Competitive starting salary
2. Starting holiday entitlement of 27, increasing up to 31 days with length of service and a holiday buy and sell scheme
3. A choice of pension schemes with matched contributions up to 8%
4. Discretionary bonus scheme
5. Annual free share awards scheme
6. Buy As You Earn (BAYE) Scheme
7. Health Cash Plan – provided by Simply Health
8. Discounted private healthcare scheme and dental plan
9. Free gym
10. Employee Assistance Programme
11. Bike loan scheme
12. Sick pay+ pledge
13. Enhanced maternity, paternity, and shared parental leave
14. Loans for travel season tickets
15. Death in service scheme
16. Paid time off for volunteer work
17. Charitable giving opportunities through salary sacrifice
18. Calendar of social events, including monthly payday drinks, annual Christmas party, summer party and much more
19. Personal development programmes built around you and your career goals, including access to personal skills workshops
20. Monthly leadership breakfasts and lunches
21. Casual dress code
22. Access to a range of benefits from our sponsorship deals
Hybrid working:
At AJ Bell, our people are the heart of our culture. We believe in building strong connections by working together. That's why we offer a hybrid working model, where you'll spend 3-4 days per week in the office. For new team members, the first 3 months will be spent full-time in the office to help you immerse yourself in our business and build valuable relationships with your colleagues.