Information Security GRC Specialist

Let's be #BrilliantTogether

Position Overview

In this role, you will support the information security agenda for ISS STOXX, playing a crucial part in securing the confidentiality, integrity, and availability of our information assets, systems, and services. As part of the Governance, Risk, and Compliance (GRC) team within the Information Security Office, you will work closely with technology functions to identify areas of greatest risk and support initiatives to maintain the information security and technology risk profile within appetite. You will also interact with internal business customers and internal and external audit functions responsible for managing compliance testing of control requirements.

Responsibilities

• Assist in ensuring compliance with regulatory requirements and industry standards such as ISO 27001, GDPR, and NIST.
• Support the design, implementation, and monitoring of policies, procedures, and controls for compliance and regulatory activities.
• Assist in creating reports, metrics, and dashboards to measure the effectiveness of security controls and communicate insights to stakeholders.
• Support the implementation and continuous improvement of the organization's Information Security Management System (ISMS).
• Collaborate with IT and business teams to integrate information security seamlessly into the system development lifecycle.
• Assist with monitoring, maintaining, and measuring compliance with industry standards, certifications, and internal controls.
• Support IT Vendor Security, Application Security, and Physical Security Assessment programs.
• Ensure accurate and timely reporting of security metrics and key risk indicators (KRIs).
• Perform vulnerability application scanning and coordinate penetration testing.
• Other duties as assigned to improve security posture within ISS STOXX.

Required Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Experience establishing and monitoring information security controls.
• Knowledge of security frameworks and standards such as ISO 27001, SOC, and SSAE is preferred.
• Experience writing supporting documentation and security policies.

Experience required

• Strong verbal and written communication skills with the ability to interact and coordinate effectively with clients and ISS STOXX personnel globally.
• Strong administrative skills, including task development and time/resource management to meet deadlines.
• Proficiency in general computer applications, including Microsoft Word, PowerPoint, and Outlook.

• Advanced proficiency in Microsoft Excel, including:

• Knowledge of complex formulas and functions such as VLOOKUP and logical functions.

• Experience creating and modifying PivotTables and PivotCharts for detailed data analysis and visualization.
• Excellent analytical, organizational, and interpersonal skills.
• Proven process-oriented mindset with attention to detail and compliance focus.

What You Can Expect from Us

At ISS STOXX, our people are our driving force. We are committed to building a culture that values diverse skills, perspectives, and experiences. We hire the best talent in our industry and empower them with the resources, support, and opportunities to grow—professionally and personally.

Together, we foster an environment that fuels creativity, drives innovation, and shapes our future success.

Let's empower, collaborate, and inspire.

Let's be #BrilliantTogether.

About ISS STOXX

ISS STOXX GmbH is a leading provider of research and technology solutions for the financial market. Established in 1985, we offer top-notch benchmark and custom indices globally, helping clients identify investment opportunities and manage portfolio risks. Our services cover corporate governance, sustainability, cyber risk, and fund intelligence. Majority-owned by Deutsche Börse Group, ISS STOXX has over 3,400 professionals in 33 locations worldwide, serving around 6,400 clients, including institutional investors and companies focused on ESG, cyber, and governance risk. Clients trust our expertise to make informed decisions for their stakeholders' benefit.

Visit our website:

View additional open roles:

Institutional Shareholder Services ("ISS") is committed to fostering, cultivating, and preserving a culture of diversity and inclusion. It is our policy to prohibit discrimination or harassment against any applicant or employee on the basis of race, color, ethnicity, creed, religion, sex, age, height, weight, citizenship status, national origin, social origin, sexual orientation, gender identity or gender expression, pregnancy status, marital status, familial status, mental or physical disability, veteran status, military service or status, genetic information, or any other characteristic protected by law (referred to as "protected status"). All activities including, but not limited to, recruiting and hiring, recruitment advertising, promotions, performance appraisals, training, job assignments, compensation, demotions, transfers, terminations (including layoffs), benefits, and other terms, conditions, and privileges of employment, are and will be administered on a non-discriminatory basis, consistent with all applicable federal, state, and local requirements.