Job Overview
Role Overview
- Job Title: Information Security Engineer – GRC
- Department: Information Security
- Team: Governance, Risk, and Compliance (GRC)
- Experience Level: Mid-Level (3–5 years)
- Employment Type: Full-Time
Position Summary
We are seeking a dedicated and collaborative Information Security Engineer to join our growing Governance, Risk, and Compliance (GRC) team. In this role, you will play a pivotal part in maintaining, maturing, and auditing our information security management framework.
The ideal candidate has 3–5 years of direct experience within an InfoSec GRC function and thrives in a team-oriented environment. You will be responsible for ensuring our policies remain up-to-date, driving our ISO 27001 certification lifecycle, and executing core compliance operations like user access reviews, exception management, and security awareness programs.
Key Responsibilities
Governance & ISO 27001 Management
- ISMS Governance: Manage and maintain our ISO 27001 Information Security Management System (ISMS) to ensure continuous compliance.
- Audit Facilitation: Lead internal security audits and act as a point of contact for external certification audits.
- Policy Management: Regularly review, update, and draft information security policies, standards, and procedures to align with evolving regulatory landscapes and business needs.
GRC Operations & Risk Management
- Access Governance: Coordinate and oversee periodic user access reviews across critical systems.
- Exception Management: Evaluate, log, and monitor security policy exceptions, ensuring compensating controls are effectively implemented and tracked.
- Risk Culture: Administer the company-wide security awareness training program and orchestrate routine phishing simulations to strengthen our human firewall.
Collaboration & Communication
- Partner closely with cross-functional teams (IT, Legal, HR, and Engineering) to embed security compliance into daily operations.
- Translate complex compliance requirements into actionable, easy-to-understand guidance for non-technical stakeholders.
Job Requirements
Required Experience & Skills
- Experience: 3–5 years of proven experience specifically within an Information Security GRC role.
- ISO 27001 Expertise: Hands-on experience managing an ISO 27001 ISMS, including active participation in both internal and external certification audits.
- Core GRC Competencies: Direct experience executing user access reviews, phishing simulations, security training, and policy exception workflows.
- Communication: Exceptional verbal and written communication skills, with the ability to document clear policies and present findings to various business units.
- Soft Skills: A strong team player with a highly collaborative mindset, excellent problem-solving abilities, and a proactive approach to security culture.
Preferred Qualifications (Nice-to-Have)
- Relevant industry certifications (e.g., ISO 27001 Internal/Lead Auditor, CISA, CRISC, Security+, or CISM).
- Experience with the ISO 42001 AIMS standard.
- Experience utilizing GRC automation platforms/tools.
Why Join Us?
You will join a supportive, forward-thinking security team where your voice matters. We believe in continuous learning, cross-training, and giving our engineers the autonomy to drive meaningful improvements to our security posture.
Our benefits include:
- Health & Wellness: Health care coverage designed for the mind and body.
- Flexible Downtime: Generous time off helps keep you energized for your time on.
- Continuous Learning: Access a wealth of resources to grow your career and learn valuable new skills.
- Invest in Your Future: Secure your financial future through competitive pay, retirement planning, a continuing education program with a company-matched student loan contribution, and financial wellness programs.
- Family Friendly Perks: It’s not just about you. OSTTRA has perks for your partners and little ones, too, with some best-in-class benefits for families.
About OSTTRA
Launched in 2021, OSTTRA unites four businesses that have been at the heart of post-trade evolution and innovation for over 20 years: MarkitServ, Traiana, TriOptima and Reset.
With an outstanding track record of developing and supporting critical market infrastructure, our combined network connects thousands of market participants to streamline end-to-end workflows – from trade capture at the point of execution, through portfolio optimisation, to clearing and settlement.
Joining the OSTTRA team is a unique opportunity to help build a bold new business with an outstanding heritage in financial technology, playing a central role in supporting global financial markets. Learn more at www.osttra.com.