Lead InfoSec GRC Manager - Schroders

Job Description

Who we're looking for

We are seeking an experienced technology risk or information security professional to join our team at Schroders. The role involves collaboration across disciplines, with a particular emphasis on securing our digital footprint and on third-party and supply chain risk. Experience using AI and automation to improve data quality, data mapping, and incident assessment (including Nth-party risk), and to enable secure and compliant code releases, is highly desirable.

The ideal candidate will have a proven track record in stakeholder engagement, audit interactions, and aligning security requirements with business objectives. This role will be pivotal to enhance Schroders' digital resilience and assurance across our technology and supply chain ecosystems.

The team

At Schroders, technology is not just about systems and tools - it is about collaborating and solving problems that support our business and deliver high-quality outcomes. We value excellence and actively encourage innovation in all that we do. The global Information Security function safeguards our business by effectively managing risks to our information assets in an ever-evolving threat and technology landscape. This is achieved through specialist teams focused on Cyber Security, Architecture, Engineering, Governance, Risk and Compliance, and the Information Security Change Programme. Reporting directly to the Head of InfoSec GRC and Technology Risk, you will play an active role in developing, questioning, and delivering our shared vision.

What you'll do

Sitting within the InfoSec GRC and Technology Risk team, the role requires a dynamic and forward-thinking person committed to safeguarding the security, resilience, and integrity of our digital environment, including the protection of our supply chains. In this continuously evolving environment, you will establish robust controls and processes. Leveraging AI and automation, you will proactively identify and mitigate threats and use tooling to enhance assurance and management reporting.

Key Responsibilities:

  • Working alongside the Lead InfoSec TPRM Manager, develop, maintain, and automate the InfoSec Third-Party Risk Management framework, ensuring alignment with regulatory requirements, international standards, and best-practice frameworks such as the NCSC's Principles of Supply Chain Security.
  • Champion the automation of data mapping and leverage AI solutions to improve data visibility, enhance vendor oversight, and increase efficiency in risk management processes.
  • Collaborate across Procurement, Compliance, Legal, IT, wider business units, and third parties to define requirements, meet contractual and regulatory obligations, and maintain strong supplier assurance practices.
  • Communicate clearly and effectively on complex technology, supply chain, and governance issues, translating technical risk into business impact for diverse audiences.
  • Oversee identification, analysis, and assessment of information security and technology risks to ensure consistent risk management aligned with regulatory and internal policies.
  • Deliver robust controls governance through the implementation, monitoring, and continuous enhancement of control assurance processes to ensure effective risk mitigation and compliance.
  • Secure the firm's digital footprint by overseeing regular external and internal penetration tests, secure code scanning, and exposure management to proactively identify and address vulnerabilities across systems, applications, and online assets.
  • Own the exception management process, overseeing the identification, documentation, approval, and monitoring of security exceptions to ensure appropriate risk acceptance and mitigation.
  • Automate and enhance the code release process by integrating security checks, exposure management, and controls to ensure software deployments are secure, efficient, and compliant.
  • Mentor and develop team members, fostering a strong risk-aware culture and enabling continuous professional development.
  • Act as a senior escalation point for complex risk, compliance, or security issues, and drive ongoing improvement and automation initiatives across the function.

The knowledge, experience, and qualifications you need

  • Background in technology risk management or information security within the financial services or insurance sector, with strong expertise in third-party (vendor) risk management and assurance.
  • Understanding of risk and control frameworks (such as COBIT, ISF, NIST CSF), operational resilience, third-party risk, and key regulatory requirements such as but not limited to DORA and GDPR.
  • Skilled in engaging both business and technical stakeholders, presenting risk insights to senior leadership, and clearly articulating complex issues.
  • Demonstrated ability to operationalise controls, monitor digital security, and implement effective security processes to meet business and regulatory demands.
  • Proficient in designing and leveraging AI and automation to streamline assessments, improve data quality, support incident analysis, and enhance risk management activities.

The knowledge, experience, and qualifications that will help

  • Degree in a relevant discipline and/or professional certifications such as CISSP, CISM, CRISC, CISA, or CISSP-ISSMP.
  • Understanding of control reporting regimes such as SSAE16, ISAE 3402/AAF, or SOX, and their application to regulatory and privacy requirements.
  • Exposure to operational resilience within technology environments, especially IT-managed services related to cyber and tech risk.
  • Appreciation of emerging technologies, including cloud computing and AI/automation, and practical experience with risk monitoring tools or dashboards.

What you'll be like

  • Analytical, tenacious, and solutions-oriented, seeing issues through to resolution.
  • A collaborative relationship builder, adept at fostering trust with colleagues, stakeholders, and partners.
  • Inspiring and empowering as a leader, supporting professional growth and motivating teams to embrace innovation and change.
  • Adaptable, able to manage multiple priorities in a fast-paced, evolving environment.
  • Naturally inquisitive, confident in challenging existing approaches, and committed to driving improvement and influencing positive outcomes.
  • Dedicated to continuous personal and professional development.

We're looking for the best, whoever they are

Our purpose is to provide excellent investment performance to clients through active management. Diversity of thought facilitated by an inclusive culture will allow us to make better decisions and better achieve our purpose. This is why inclusion and diversity are a strategic priority for us and why we are an equal opportunities employer: you are welcome here regardless of your age, disability, gender identity, religious beliefs, sexual orientation, socio-economic background, or any other protected characteristics.

About Us

We're a global investment manager. We help institutions, intermediaries and individuals around the world invest money to meet their goals, fulfil their ambitions, and prepare for the future.

We have around 6,000 people on six continents. And we've been around for over 200 years, but keep adapting as society and technology changes. What doesn't change is our commitment to helping our clients, and society, prosper.

Company
Schroders
Location
London, UK
Employment Type
Full-time
Posted