IT Governance Specialist at StoneX Group
Krakow, Lesser Poland Voivodeship, Poland
Full Time


Start Date

Immediate

Expiry Date

18 May, 26

Salary

0.0

Posted On

17 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Risk Assessment, Control Effectiveness, Risk Management, Information Security, Risk Reporting, Data Analysis, Control Design Evaluation, Risk Treatment, Risk Register Maintenance, Remediation Tracking, Cyber Threats Analysis, Governance, Assurance Activities, IT Risk, GRC

Industry

Financial Services

Description
Overview
Connecting clients to markets – and talent to opportunity. With 4,500+ employees and over 300,000 commercial, institutional, payments, and retail clients, we operate from more than 70 offices spread across six continents. As a Fortune 100, Nasdaq-listed provider, we connect clients to the global markets – focusing on innovation, human connection, and providing world-class products and services to all types of investors. Whether you want to forge a career connecting our retail clients to potential trading opportunities, or ingrain yourself in the world of institutional investing, StoneX Group is made up of four business segments that offer endless potential for progression and growth.

Responsibilities
Position Purpose:
Working within the IT organization and reporting to the Senior Manager of GRC, the Senior IT GRC Risk Analyst leads and supports IT and information security risk and assurance activities. The role focuses on performing and reviewing risk assessments, identifying and evaluating risk scenarios, and supporting ongoing risk management efforts. The Senior Analyst analyzes data from multiple systems to assess control effectiveness and produces risk-based reporting that informs leadership on risk posture, emerging issues, and the overall effectiveness of the Information Security program.

Primary duties will include:
Lead the identification, assessment, and ongoing monitoring of IT and information security risks, ensuring risks are evaluated in the context of business objectives and risk appetite.
Analyze risk scenarios, emerging technology and cyber threats, and control effectiveness to support risk-informed decision-making and prioritization.
Perform and oversee IT and cyber risk and control assessments, including evaluating control design and operating effectiveness for key systems and processes.
Identify control weaknesses and risk issues, assess potential impact and likelihood, and recommend appropriate risk treatment options.
Determine when control deficiencies and issues meet defined risk thresholds and ensure risks are accurately recorded and maintained in the risk register.
Monitor and challenge remediation activities, tracking risk reduction and residual risk through to closure.
Provide clear, risk-based reporting and insights to leadership and governance forums on risk posture, trends, and material exposures.
Collaborate with internal audit, external audit, and other assurance functions to align risk assessments, evidence standards, and issue management outcomes.

Qualifications
To land this role you will need:
Proven experience leading IT and cyber risk assessments, including evaluating control design and operating effectiveness, identifying control gaps, and maintaining accurate risk register documentation aligned to defined risk thresholds.
Strong analytical capability to assess complex risk scenarios, emerging technology and cyber threats, and control effectiveness, translating findings into clear, risk-informed recommendations that support business decision-making and prioritization.
Demonstrated ability to challenge and track remediation activities through to closure, while delivering concise, risk-based reporting to leadership and collaborating effectively with internal and external assurance stakeholders.

Education / Certificates:
Bachelor's degree
CISSP or CISM (not mandatory)

Working environment:
Hybrid; our Cracow office is located at Mogilska 35 street. Parking space for employees.

Responsibilities
The Senior IT GRC Risk Analyst leads and supports IT and information security risk and assurance activities, focusing on performing and reviewing risk assessments and evaluating risk scenarios. Primary duties involve leading risk identification, analyzing control effectiveness, and producing risk-based reporting to inform leadership on risk posture and program effectiveness.