Excited to grow your career? Our purpose is to make it easy for people to save and invest for a better future. We are looking for great people to join us, so please come and invest in YOUR future at HL. We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. We'd love to hear from you! About the role An exciting opportunity has arisen to join our InfoSec team as a Security GRC Analyst, to assist in the delivery of security compliance assurance to frameworks such as PCI-DSS and NIST Cyber Security Framework. You will be managing security governance processes including Third Party Security Risk Management, and delivering controls assurance. What you'll be doing Assisting in meeting compliance requirements within HL, such as PCI-DSS and in line with frameworks such as SWIFT CSCF, CSA CCM and NIST CSF. Assist with the technical security aspects of third-party security risk by conducting security due diligence and risk assessments for vendors, suppliers, partners, and contractors. Develop and mature processes and procedures for third party security risk management, including due diligence and third-party incident management. Work closely with stakeholders to provide advice in relation to third party information security risks, recommending risk mitigation strategies and/or advising on risk exceptions based on the business' risk appetite. Driving policy & standard governance processes including creating new policies and standards where required. Managing framework alignments, identifying gaps and engaging stakeholders to remediate. Managing Security process documentation including review scheduling. Maintaining the program of remediation for audit and assessment findings, including updating of task status, reporting of progress and escalation of issues and identifying opportunities for improvement. About you Proven experience in an Information Security role with a strong background in risk and compliance. Ideally experience must have been gained within a regulated industry with experience of securing cloud environments such as AWS & Azure. Must be experienced in liaising with stakeholders at all levels and be confident in influencing business areas to meet compliance requirements. Demonstrable experience of working with compliance and risk management in a NIST CSF (Preferable) or ISO27001 aligned environment, along with an understanding of PCI-DSS. Experience in managing supply chain risk, including due diligence, risk escalation and treatment. Good writing capabilities, analytical skills, including demonstrated experience identifying and communicating opportunities for improvement. Experience of identifying, articulating, managing and reporting Information Security risks and an understanding of risk management practices, aligned with industry best practice. Experience of creating, reviewing and updating Information Security related policies, procedures and standards. Interview process This will be a two-stage interview process consisting of an introductory conversation and competency based interview. Working Schedule We are based in Bristol, BS1 5HL. This role is permanent, full time, 37.5 hours per week, Monday to Friday. We have returned to the office, however for this role we offer a flexible working pattern to enable you the option of working from home and coming into the office around once a month. Why us? Here at HL, we're the UK's number 1 investment platform for private investors, based in Bristol. For more than 40 years we've helped investors save time, tax and money on their investments. To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do. What's on offer? Discretionary annual bonus* and annual pay review 25 days* holiday plus bank holidays and 1-day additional Christmas closure Option to purchase an additional 5 days holiday Flexible working options available, including hybrid working Enhanced parental leave Pension scheme up to 11% employer contribution Income Protection and Life insurance (4 x salary core level of cover) Private medical insurance* Health care cash plans - including optical, dental, and out patientcare Health screening programme Help@hand - confidential support including mental health counselling and remote GP Wellhub - unlimited access to fitness providers and wellness coach sessions Variety of travel to work schemes with bike storage and shower facilities Inhouse barista and deli serving subsidised coffee and sandwiches Two paid volunteering days per year * dependant on role level only available to select during our annual benefits window, in November each year Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age. This role may also be available on a flexible working or part time basis - please ask the Recruitment & Onboarding team for more information. Please note, we are unable to provide employment sponsorship to candidates. HLI