Information Security Risk Analyst II

Information Security Risk Analyst II | GoHenry

GoHenry is a UK-based fintech company created by parents to pioneer financial education. More recently, GoHenry moved into Europe and the US by joining forces with French fintech company PixPay and US investing app, Acorns.

Together, Acorns, PixPay, and GoHenry have over 6 million members across 5 countries. We are focused on empowering families with engaging money management tools, educational content, and a seamless product experience that creates financial well-being from birth to adulthood.

We are looking for an Information Security Risk Analyst II to support the security of GoHenry's financial education platform by identifying, analyzing, and mitigating information security risks. You will be part of the Global Infosec organization and will work closely with the US Infosec team. You will play a crucial role in maintaining our compliance posture and fostering a strong security culture

What you will do at GoHenry:

• Risk Assessment and Analysis:

  • Conduct comprehensive risk assessments to identify vulnerabilities and potential threats.

  • Analyze and prioritize risks based on GoHenry' business context, impact, and likelihood. Provide actionable recommendations for risk mitigation.

• Compliance and Audits

  • Develop and maintain security policies in line with industry standards

  • Support audit (SOC2, PCI DSS) and compliance activities concerning cyber regulations relevant to the UK/EU/US financial sector

• Identity and Access Management

  • Manage Identity and Access Governance.

  • Conduct quarterly access reviews and periodic role certification by system owners

• Cyber Security

  • Support Application Security team in matters relating to secure development lifecycle and security testing

  • Support Cloud Security team in continuously monitoring security controls across cloud environments, focusing on configuration assurance

  • Work with the IT team to ensure the effectiveness of our Endpoint security solutions

• Training and Awareness:

  • Develop and deliver training programs to enhance security awareness among employees.

  • Foster a culture of security within the organization.

• Collaboration and Communication:

  • Communicate cyber security issues, product requirements and risks to stakeholders and senior management in a manner that is consistent with GoHenry' business context.

What you will bring to GoHenry:

You are a detail-oriented security professional with a strong understanding of both technical security controls and regulatory compliance in a fast-paced fintech environment.

• Minimum of 4 years of experience in the Information Security / GRC domain.

• Experience: Proven experience in an Information Security, Cyber Security, or IT Risk role.

• Risk Management Expertise: Hands-on experience performing formal risk assessments and managing risk registers.

• Compliance Knowledge: Working knowledge of major security frameworks and regulatory requirements (e.g., ISO 27001, PCI DSS, SOC2, GDPR).

• Technical Understanding: Familiarity with concepts like secure development lifecycle, cloud security principles (AWS/Azure/GCP), and identity/access management.

• Communication Skills: Exceptional ability to translate complex technical risks into clear, business-focused language for both technical and non-technical audiences.

• Certifications (Desirable): Relevant industry certifications such as CISSP, CISM, CRISC, or similar are a plus.

• Hands-on experience with Security tools and Scripting will be a key differentiator.

What's in it for you?

We offer a competitive package and a culture that supports your professional growth, physical, and mental well-being.

All the essentials you would expect, including a workplace pension plan, 33 days of holiday (including public holidays), & great company events local & abroad

Other Offers:

• GoFlex - Work from Home, Office, or a mix of both.

• Your Birthday Day off.

• 25 days annual leave, in addition to 8 UK bank holidays.

• An excellent Induction & onboarding program with ongoing learning & development throughout your career.

• A choice between Bupa Health Cash Plan or Bupa Private Medical.

• Death in service – 4x your annual salary from month 1.

• Physical and Mental Wellbeing support and platforms for you and your family.

• Family-friendly leave policies:

  • Enhanced maternity leave – 20 weeks full basic pay after 2 years' service and 26 weeks full basic pay after 3 years' service.

  • Paternity leave – 4 weeks full pay after probation.

• Salary Sacrifice options.

About GoHenry

We're on a mission to help every kid be smart with money. Our goal? Create generations of independent, confident young adults, armed with money skills that will set them up for life.

How we do it: We place the power in the hands of young people, giving them the tools they need to master the financial ropes for themselves. They can spend, save, earn, and give with GoHenry's prepaid debit card and app – because learning through doing really works (and it's more fun). All while our unique built-in controls give parents total peace of mind.

We're proud to say...

• We ranked #38 in Newsweek's Top 100 Most Loved Workplaces in the UK in 2023.

• We're one of Tech Track's top 50 fastest-growing UK companies.

• We won Finders Kid's Cards Customer Satisfaction Awards in 2022 and 2023.

• We won the Tech for Good award at the Better Society Awards 2023.

• Our kids and parents have donated over £500,000 of their own money to NSPCC via their GoHenry accounts.

But we're still growing, and that's why we need you.

GoHenry is an equal-opportunity employer, and we're on a mission to foster a diverse & inclusive workplace. Individuals seeking employment at GoHenry are considered without regard to race, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, physical or mental disability, military or veteran status, or any other characteristic protected by applicable law.