FactSet creates flexible, open data and software solutions for over 200,000 investment professionals worldwide, providing instant access to financial data and analytics that investors use to make crucial decisions.
Locations: Norwalk, CT | New York City
Working Environment: Hybrid
The Information Security team at FactSet drives cybersecurity governance, risk, and compliance activities across the Technology organization. The team is responsible for ensuring that technology systems, infrastructure, and projects are effectively designed, managed and optimized to meet security and regulatory requirements. This includes promoting cross-functional collaboration to identify and remediate cyber risks consistently and reporting KRIs and KPIs.
What You’ll Do:
- Develop and implement an Information Security GRC strategy, aligning with business objectives, risk tolerance, security frameworks, and regulatory requirements, providing both short‑term and long‑term roadmaps.
- Manage the lifecycle of security policies, standards, and procedures so that they comply with applicable regulations and industry standards, including SOX, SOC 2, ISO 27001, and DORA.
- Oversee the implementation and management of the Security GRC platform to enhance visibility into organizational risk and compliance, while providing actionable intelligence on vendor and customer‑facing security posture.
- Lead and mature the third‑party risk management and customer trust processes, including onboarding, risk assessments, audits, security documentation, and remediation efforts.
- Define and monitor key risk and compliance indicators (KRIs/KPIs), and implement continuous monitoring of vendor performance, customer assurance commitments, and policy adherence so that program effectiveness and accountability can be measured.
- Coordinate and support comprehensive technology audits and collaborate with external auditors to meet audit requirements and timelines, managing assessments of IT general controls and maintaining the enterprise cyber risk register.
- Foster a cyber‑aware culture by implementing training programs, managing a Security Culture Framework, and building a high‑performing GRC team through leadership, mentoring, and development.
- Partner with IT, security, and compliance teams to provide insights and guidance on risk mitigation strategies, control enhancements, and findings remediation, while communicating audit findings and recommendations to senior management.
- Prepare and present regular reports to the executive team on GRC posture and initiatives, leveraging automated audit tools and data analytics for improved audit efficiency and insights.
Qualifications:
- Bachelor’s degree in Information Technology, Computer Science, or a related field. Master’s degree preferred.
- 15+ years of experience in information security focusing on governance, risk and compliance domains.
- Strong knowledge of IT risk assessment, IT General Controls, NIST framework, and other compliance frameworks.
- Hands‑on experience with third‑party risk management programs, encompassing vendor assessments, contract clauses, remediation tracking, and customer trust initiatives.
- In‑depth understanding of application, endpoint, network, cloud and infrastructure security controls to validate control design and drive mitigation of identified gaps.
- Expertise in deploying and managing GRC and automation platforms, and effectively translating risk data into executive dashboards and meaningful KRIs/KPIs.
- Familiarity with AI tools and trends such as generative and agentic AI, with a willingness to creatively apply emerging technologies to address identified risks.
- Strong leadership and interpersonal skills, with the ability to coach and grow the GRC team, set clear objectives, and foster collaboration across functions and levels.
- Proven ability to partner with Legal, Procurement, Technology, Compliance, Product, and Engineering teams to integrate security policies and standards into business processes.
- Professional certifications such as CISA or CISSP strongly preferred.
Compensation:
Base salary: $185,000–$220,000 (state of Connecticut and NYC).
US applicants must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.
What’s In It For You:
- The opportunity to join a growing firm with a proven track record of success for over 40 years.
- Mentorship and growth opportunities from senior employees.
- Career progression planning and a focus on career development, with dedicated time each month for conference attendance, online learning seminars, and networking.
- A robust social community dedicated to volunteerism, intramural sports, and team‑building events.
- Business resource groups that align with our company value of "Always Inclusive," designed to foster a welcoming and supportive environment for all.
Qualified applicants will be considered for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, disability, protected veteran status or other characteristics protected by law. FactSet participates in E‑Verify.