Information Security Risk Analyst II

Information Security Risk Analyst II | GoHenry

GoHenry is a UK-based fintech company created by parents to pioneer financial education. We have expanded into Europe and the US through partnerships with PixPay and Acorns. Together, Acorns, PixPay, and GoHenry have over 6 million members across 5 countries. We focus on empowering families with engaging money management tools, educational content, and a seamless product experience that fosters financial well-being from birth to adulthood.

• Risk Assessment and Analysis:
  • Conduct comprehensive risk assessments to identify vulnerabilities and potential threats.
  • Analyze and prioritize risks based on GoHenry's business context, impact, and likelihood. Provide actionable recommendations for risk mitigation.
• Compliance and Audits:
  • Develop and maintain security policies in line with industry standards.
  • Support audit (SOC2, PCI DSS) and compliance activities concerning cyber regulations relevant to the UK/EU/US financial sector.
• Identity and Access Management:
  • Manage Identity and Access Governance.
  • Conduct quarterly access reviews and periodic role certification by system owners.
• Cyber Security:
  • Support Application Security team in secure development lifecycle and security testing.
  • Support Cloud Security team in continuously monitoring security controls across cloud environments, focusing on configuration assurance.
  • Work with the IT team to ensure the effectiveness of endpoint security solutions.
• Training and Awareness:
  • Develop and deliver training programs to enhance security awareness among employees.
  • Foster a culture of security within the organization.
• Collaboration and Communication:
  • Communicate cybersecurity issues, product requirements, and risks to stakeholders and senior management in a manner aligned with GoHenry's business context.

You are a detail-oriented security professional with a strong understanding of both technical security controls and regulatory compliance in a fast-paced fintech environment.

• Minimum of 4 years of experience in the Information Security / GRC domain.
• Experience: Proven experience in an Information Security, Cyber Security, or IT Risk role.
• Risk Management Expertise: Hands-on experience performing formal risk assessments and managing risk registers.
• Compliance Knowledge: Working knowledge of major security frameworks and regulatory requirements (e.g., ISO 27001, PCI DSS, SOC2, GDPR).
• Technical Understanding: Familiarity with concepts like secure development lifecycle, cloud security principles (AWS/Azure/GCP), and identity/access management.
• Communication Skills: Exceptional ability to translate complex technical risks into clear, business-focused language for both technical and non-technical audiences.
• Certifications (Desirable): Relevant industry certifications such as CISSP, CISM, CRISC, or similar are a plus.
• Hands-on experience with security tools and scripting will be a key differentiator.

We offer a competitive package and a culture that supports your professional growth, physical, and mental well-being.

All the essentials you would expect, including a workplace pension plan, 33 days of holiday (including public holidays), and great company events local and abroad.

• GoFlex - Work from home, office, or a mix of both.
• Your Birthday Day off.
• 25 days annual leave, in addition to 8 UK bank holidays.
• Induction & onboarding program with ongoing learning and development.
• Choose between Bupa Health Cash Plan or Bupa Private Medical.
• Death in service - 4x your annual salary from month 1.
• Physical and mental wellbeing support and platforms for you and your family.
• Family-friendly leave policies:
  • Enhanced maternity leave - 20 weeks full basic pay after 2 years' service and 26 weeks full basic pay after 3 years' service.
  • Paternity leave - 4 weeks full pay after probation.
• Salary sacrifice options.

We're on a mission to help every kid be smart with money. Our goal is to create generations of independent, confident young adults, armed with money skills for life. We provide GoHenry’s prepaid debit card and app with built-in controls for parents’ peace of mind.

• We ranked #38 in Newsweek's Top 100 Most Loved Workplaces in the UK in 2023.
• One of Tech Track's top 50 fastest-growing UK companies.
• Awarded several customer satisfaction and technology awards in 2022 and 2023.
• Donations to NSPCC via GoHenry accounts.

GoHenry is an equal-opportunity employer. We are committed to fostering a diverse and inclusive workplace. Employment decisions are made without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.