Information Security Analyst (GRC)
Description
Welcome to Moneycorp
We’re delighted you’re interested in being a part of Moneycorp.
In the last decade, Moneycorp has transformed from a largely domestic, consumer-focused provider of foreign exchange to an end-to-end global payments’ ecosystem.
With two banking licenses and operations across the entire value chain of the international payments and foreign exchange sectors, we enable businesses, institutions, and individuals to thrive beyond borders.
We help our clients realise their growth ambitions by providing them with worldwide reach, relentless regulatory excellence, and tailored, relevant solutions that resiliently optimise their financial operations.
We’re fervent about pursuing our goals, making substantial contributions to the payments industry, and consistently offering unwavering support to our clients at every stage of their journey.
Moneycorp is a place where energy, commitment to our shared success and collaboration are core to our DNA. We’re restless in our drive to surpass the expectations of our clients and unlock opportunities to support them at every stage of their journey.
The foundation of our success is our people, and nurturing a culture of belonging for all of our colleagues is central to our journey as a global business.
Find out more about Moneycorp’s offering, global footprint and capabilities here: About Us | moneycorp
Who You Are / Your Next Challenge
Information is of paramount importance to Moneycorp and we naturally demand a "no compromise" approach to protecting our technology: to ensure it is available when required; and that our information is not inadvertently or maliciously disclosed, lost, stolen or altered.
This role sits within the Information Security Team, part of Group Risk and Compliance, reporting into the Head of Information Security. The candidate will be responsible for ensuring Moneycorp’s data and information processing systems are protected in-line with the information & cyber security programme.
What we’re looking for / Skills that will help you in the role
ISO27001/SOC2 GRC support
- Provide support to the management of the existing Information Security Management System: governance, risk management, remediation activities.
Information Security assessments
- Conduct information security risk assessments across project lifecycle from incubation to decommission.
- Where necessary, provide advisory to ensure sufficient controls are implemented.
Data management
- Manage and tune Data Loss Prevention tools, to protect and prevent the loss of sensitive information.
Operational Team activities
- Responsible for completing daily tasks, providing KPIs, and triaging ticket queue with SLAs
Person Specification
Knowledge and Experience:
- At least 3 yrs Experience in an information or IT security related role within a financial or regulated firm
- Experience with DLP solutions, such as email filtering, Cloud access security broker and or Microsoft Purview
- Applicants will have a technical background with exposure to IT, security, network or Cloud infrastructure administration
- Fully understand security concepts such as identity access management, defence in depth, least privilege, resilience (technical & operational), segregation (networks & duties), cloud security (shared responsibility)
- Ability to support audits, conduct risk assessments, and implement mitigation strategies.
- Understanding of PCI DSS, SWIFT CSP, and operational resilience frameworks.
- Knowledge of implementing ISO27001:2022
- Data loss prevention & management
Skills:
- Technically astute, understands technical risks to the business and can provide clear risk assessment analysis to the business. Able to challenge where risks are outside of tolerance in an evidenced led, logical and methodical
- Network Security & Protocols – Deep understanding of TCP/IP, firewalls, VPNs, IDS/IPS, and secure network architecture and browser filtering technologies
- Email – understands email delivery, and controls i.e. tracing, analysing, filtering, DMARC, SPF, DKIM
- Security Frameworks & Controls – Familiarity with NIST, CIS Controls, and UK-specific frameworks like Cyber Essentials
- Cloud Security – Knowledge of securing Azure, including IAM, encryption, and monitoring (Sentinel experience beneficial)
- Data Protection & Encryption – Understanding of cryptographic protocols and secure data handling practices
- Experience in Information Security Awareness and Training, phishing simulations, managing online training (CBT), providing content for awareness
- Attention to Detail – Critical for monitoring logs, reviewing configurations, and writing formal documentation
- Analytical Thinker – Ability to assess complex systems and identify potential risks and vulnerabilities
- Ability to disseminate documentary evidence to provide objective analysis
- Maintain a current understanding of common vulnerabilities and appropriate remediation
- Communicating and documenting user reported security problems and incidents
- Keeps up to date with the latest Information and Cyber news, threats and incidents
- Appreciate when to escalate issues upwards
Desirable Skills:
- Familiarity with Data Protection and Financial regulations i.e. GDPR, FCA regulations, PRA guidelines, UK Data Protection Act, DORA.
- Familiar with: SOC2 Type II, NIST CSF, PCI DSS and NCSC guidance
Education:
- BSc/MSc in Information Security, computing, science, technology, engineering or mathematics (STEM) subject
- Known security qualifications such as CompTIA Security+, CySA+, CASP, or other established certifications from ISC2, ISACA GIAC or EC-Council.
- Azure Fundamentals AZ-900; Security, Compliance and Identity Fundamentals SC-900; or other Microsoft certification
Personal Attributes:
- A passion for cyber security and a keen interest in IT
- Highly motivated, responsible, reliable and organised individual able to use own initiative, manage own time and workload and an excellent attention to detail
- Inquisitive, keen to learn
- Capable of developing a strong working relationship with peers to encourage good security practices
- Collaborative and team-oriented, flexible attitude, adhering to a high standard of ethical behaviour
This position is full-time, permanent. The role is office-based in Coventry as part of the Risk and Compliance team. However, we have an agile flexible working policy which enables you to work up to 2 days from home if desired.
What you get in return:
This role offers a competitive salary with commission or bonus, plus a comprehensive benefits package including 25 days holiday plus a day off for your birthday, pension, BUPA private medical health insurance and more.
Interested?
If the role sounds like you, we invite you to upload a copy of your CV and can do this by clicking on the Apply Now button
Fostering a culture of belonging and inclusivity
We're committed to creating a workplace where every individual feels valued, respected, and included. As an Equal Opportunity Employer, we actively cultivate an inclusive culture where diversity thrives, and we empower our colleagues to drive meaningful change within our organisation through initiatives like our DE&I focus groups and value champion network.
Like many of our peers, we recognise that fostering inclusivity is an ongoing journey, and we remain steadfast in our commitment to progress. By measuring our efforts through regular assessments and listening to the feedback of our employees, we strive to ensure that our initiatives are impactful and responsive to the evolving needs of our workforce.
Together, we want to build a workplace where everyone can bring their authentic selves to work, as we believe this is the foundation of innovation, creativity, and collective success.
Connect with us
For company news, announcements and market insights, visit our News Hub.
You can also find Moneycorp on Facebook, Twitter UK, Twitter Americas, Instagram, LinkedIn, where you can discover how we are leading the way in global payments and currency risk management.