GRC Manager is responsible for the overall execution of Trayport's Information Security Governance, Risk and Compliance programme under the guidance of the Head of Information Security. The role will primarily entail managing policies & standards incl. Training & Awareness deliverables, performing risk assessments, tracking of security risks of the Information Security Office and organisation as well as maintaining and managing the ISO27001 certification and ensuring there is appropriate governance & reporting on outputs and risk posture to stakeholder groups.
Primary Responsibilities
Execute the UK and EU GRC Strategy, ensuring compliance with GDPR, UK Data Protection Act 2018, and other regional privacy laws.
Maintain information security policy and security standards
Oversee risk management processes including risk identification, assessment, controls, weaknesses, mitigation and reporting.
Develop and deliver concise, data-driven risk and compliance reporting for senior management/stakeholders, highlighting trends, emerging risks & mitigation strategies.
Manage and support audits including customer, internal and external (standards auditors) including preparation, execution and remediation tracking. Maintain documentation and evidence of certifications and attestations.
Maintain key standards such as ISO 27001, adding business value.
Recruit, manage, coach and develop the Risk & Compliance team, setting clear goals & objectives, cultivating an inclusive culture of accountability, continuous learning and collaboration.
Proactively participate as senior member and leader within the ISO leadership team contributing to overall strategy, engagement, team dynamic and programmes within ISO.
Act as a trusted advisor to executive and SME stakeholders, providing actionable insight and guidance to support risk-aware decision making.
Partner with Legal, Privacy, Procurement, Development, IT and other functions to embed security, governance and compliance into products, systems, processes and services.
Champion and scale security awareness and governance training programs to build a strong, security-first culture across Trayport.
Own the development, communication and maintenance of security policies, ensuring alignment with evolving threats and compliance needs.
Maintain Key Performance Indicator reports summarising the status of identified security issues.
Additional responsibilities
Build relationships with teams across Trayport and TMX Group to ensure smooth execution of the security requirements across disciplines.
Represent Trayport security requirements in TMX central quorum forums such as AI Committee, Business Continuity & Operational Resilience and Risk/Compliance Boards.
Ability to influence and gain credibility with the business teams across the organisation.
Keep up to date with emerging legal, regulatory and industry standards.
Liaise with external suppliers to ensure smooth delivery of their work.
Required skills
Good knowledge of ISO 27001, NIST CSF, NIS 2.0 Legal and Regulatory requirements across UK and Europe incl. GDPR.
Supporting knowledge of CIS controls.
Familiarity with cloud platforms: AWS, Azure or GCP.
Track record of delivering actionable risk reporting and advisory support to executive teams, influencing strategic decision-making.
Experience in leading customer audits and managing audit responses.
Excellent communication skills (oral and written), with the ability to present complex risk and compliance information clearly to senior leadership and stakeholders.
Strong analytical and critical thinking skills, capable of identifying risks, evaluating controls, and recommending effective mitigation strategies.
Detail-oriented with a proactive approach to risk and compliance.
Proven ability to balance control and creativity with problem solving abilities - tailoring governance frameworks that fit the business.
Experience in integrating risk management processes into business operations, including supplier and third-party risk assessments.
Agile and self-motivated learner.
Teamwork - able to work with other people in a collaborative manner.
Pragmatism - able to identify compromises that meet multiple, sometimes conflicting, stakeholder needs.
Ability to work independently and influence cross-functional teams.
Required qualifications
Bachelor's-level degree
Desirable qualifications
ISO27001 Lead Implementer or Lead Auditor
Certified Information Systems Auditor (CISA) - ISACA
Certified Information Security Manager (CISM) - ISACA
CompTIA Security+
ITIL, COBIT or similar governance frameworks
Other relevant certifications in cyber security or IT governance
Trayport is committed to creating and sustaining a collegial work environment in which all individuals are treated with dignity and respect and one which reflects the diversity of the community in which we operate. We provide accommodations for applicants and employees who require it.
About Us
Our Culture:
At Trayport, our people power our success. We are a place where talented people never stop learning, innovating and working together to make an impact!
We offer you more than a job - we offer you the opportunity to work with, and learn from the most respected industry and thought leaders in the business. We're always pushing the boundaries, rapidly expanding our global presence across London, Vienna, Singapore, Bremen and North America.
At Trayport, we understand that our people are crucial to our future. We strive to provide a challenging and inspirational atmosphere; employing intelligent, enthusiastic, adaptable individuals and giving them the freedom, training, and guidance to allow them to consistently achieve their potential.
If you share our vision and are motivated to challenge the status quo - we want to hear from you!