Senior Information Security Risk Analyst

Management Level F Equiniti provides comprehensive solutions to support organizations throughout their corporate lifecycle, including managing shareholder engagement, maintaining stock registers, facilitating ownership transfers, enabling shareholder meetings, paying dividends, supporting IPOs, and administering employee equity plans. We are dedicated to revolutionizing shareholder services by developing digital solutions that facilitate dematerialization for issuers and shareholders. EQ is a fintech that connects the future of capital, communications, and governance, building trust and confidence in every market we serve. Our values set the core foundations to our success. We are TRUSTED to deliver on our commitments, COMMERCIAL in building long term value, COLLABORATIVE in our approach and we IMPROVE by continually enhancing our skills and services. There has never been a better time to join EQ. Core Duties/Responsibilities Risk Identification, Assessment and Analysis As a Senior Information Security Risk Analyst, you will lead and conduct comprehensive security risk assessments across EQ’s internal systems, infrastructure, cloud platforms, third-party services, applications, mobile environments, and networks. Your role will be pivotal in identifying and evaluating potential cybersecurity threats and vulnerabilities, ensuring robust risk mitigation strategies are in place to protect EQ’s data and systems. You will work cross-functionally with stakeholders to embed security best practices and ensure alignment with regulatory and organisational standards. Review cloud architecture, deployment models, and services to identify gaps against industry best practices (e.g., CIS Benchmarks, NIST, ISO 27001). Collaborate with DevOps and Cloud Engineering teams to advise on security controls and risk mitigation strategies in AWS, Azure. Lead the analysis and interpretation of security data from diverse sources—including technical assessments, penetration test reports, and code reviews—to identify systemic vulnerabilities, inform strategic risk decisions, and guide enterprise-level remediation efforts. Drive the development and strategic recommendation of risk mitigation initiatives, translating assessment findings into actionable improvements to security policies, enterprise controls, and technical architectures Maintain Risk records and Risk Acceptances regarding IT, Information or Cyber Security in the Company’s Risk Register/GRC tool. Regulatory Requirements Identification Lead the interpretation and strategic integration of evolving cybersecurity regulations and standards (e.g., GDPR, NIST, ISO 27001, SOX, AI Act, DORA), in collaboration with Legal and Compliance, to ensure enterprise-wide alignment and risk-informed decision-making. Lead enterprise-level compliance assessments and cybersecurity gap analyses to evaluate EQ’s adherence to relevant regulations and frameworks. Embed these requirements into the broader Risk Management lifecycle, ensuring systematic enforcement across all new and evolving IT systems and applications Third-Party Risk Management Conduct Risk Analysis of existing and new third-parties playing a significant role in the Company’s supply chain and with access to Company or customer data or the Company’s systems Track any significant risk issues arising to completion over agreed timescales. Information Security Metrics & Reporting Oversee the aggregation and analysis of enterprise-wide risk data to identify emerging threats, and deliver strategic, data-driven insights and reports to Executive and senior leadership teams. Stakeholder Engagement Engage with various developers and stakeholders across the business in selecting tailored security training on the training platform. Engage in knowledge sharing sessions on emerging threats and security risk trends. Risk Method Development Lead the evolution and governance of the enterprise Security Risk Management Framework, collaborating across IT and security teams to embed effective technical controls (e.g. firewalls, encryption, MFA) and ensure policies, standards, and procedures align with best practice and regulatory requirements. Advise and enable secure software development by defining secure coding standards, guiding development teams, and integrating application security testing tools into the SDLC. Benefits: Being a permanent member of the team at EQ you will be rewarded by our company benefits, these are just a few of what is on offer: Business related certification expense reimbursement Comprehensive Medical Assurance coverage for dependents Accidental & Life cover 3 times of concerned CTC We are committed to equality of opportunity for all staff and applications from individuals are encouraged regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships. Please note any offer of employment is subject to satisfactory pre-employment screening checks. Our people and platforms connect businesses with markets, engage customers with their investments and allow organisations to grow and transform. Our vision is to help businesses and individuals succeed, creating positive experiences for the millions of people who rely on us for a sustainable future. We provide share registration, deliver services for reward and benefits and develop solutions for customer management in regulated industries. Our work with some of the most significant organisations in the UK and US means we engage with 29 million of their shareholders, pensioners and employees.