Cyber Risk Specialist

Requirements

• 5+ years’ experience in information security, cyber risk, GRC, audit, assurance, or a related discipline.
• Strong understanding of security frameworks and regulations such as ISO 27001, NIST, SOC 2, DORA, or similar.
• Experience coordinating audits, assurance activity, regulatory reviews, or control assessments.
• Strong written and verbal communication skills.
• Experience working with cross-functional teams, including technology, legal, compliance, and business stakeholders.
• Strong organisational skills and the ability to manage multiple workstreams.
• Familiarity with GRC platforms such as Drata, Vanta, ServiceNow GRC, Archer, or similar.
• Strong data literacy, including experience using dashboards, metrics, or raw data to support findings.
• Confidence driving small projects or workstreams independently.

Nice to Haves

• Experience in financial services, quantitative trading, investment management, or another highly technical environment.
• Familiarity with cloud platforms, infrastructure, software development, or third-party technology risk.
• Experience improving risk reporting, control testing, assurance workflows, or evidence management processes.
• Understanding of operational resilience, third-party risk, or regulatory technology expectations.

What You'll Be Doing

• Cyber Risk Management
  • Maintain and enhance the Information Security risk register as a live, decision-useful tool.
  • Work with stakeholders to assess, track, and manage risks across systems, processes, and third parties.
  • Develop clear, data-led risk narratives for leadership.
  • Track remediation actions and support risk-based prioritisation.
• Governance and Policy
  • Maintain and improve security policies, standards, and supporting documentation.
  • Align internal requirements with relevant frameworks, regulations, and business needs.
  • Ensure documentation is clear, current, and accessible to technical and business stakeholders.
  • Support practical and scalable security governance.
• Audit and Assurance
  • Coordinate external reviews, client assurance requests, regulatory enquiries, and internal audits.
  • Gather and validate evidence from technical and business teams.
  • Maintain assurance materials and evidence repositories.
  • Track findings and remediation actions through to closure.
• Compliance and Control Effectiveness
  • Support control assurance and testing activities.
  • Monitor adherence to internal policies, contractual commitments, and external obligations.
  • Help map controls to relevant frameworks such as ISO 27001, NIST, SOC 2, and DORA.
  • Identify control gaps and support pragmatic remediation.
• Training and Awareness
  • Contribute to targeted security awareness activities, particularly for technical teams.
  • Tailor security messaging for different audiences.
  • Track completion, engagement, and impact of awareness activities.
• Reporting and Insight
  • Develop concise dashboards and reports for leadership.
  • Highlight trends, control health, emerging risks, and areas requiring attention.
  • Use data to support findings, prioritisation, and decision-making.

Perks and Benefits

QRT is an equal opportunity employer. We value diversity as essential to our success and are committed to creating an environment where employees can work openly, respectfully, and collaboratively. In addition to supporting professional achievement, QRT offers initiatives and programmes designed to help employees maintain a healthy work-life balance.