Register  |  Log In  |  Contact Us

Information Security Analyst, Governance & Risk

Contract Type
Digital, IT, Legal, Risk
Expiry Date
We seek an ambitious and business focused information security analyst to join the Governance, Risk & Compliance (GRC) group within Information Security Risk Management (ISRM).

Job Description

We are the leading source of intelligent information for the world's businesses and professionals, providing customers with competitive advantage. Intelligent information is a unique synthesis of human intelligence, industry expertise and innovative technology that provides decision-makers with the knowledge to act, enabling them to make better decisions faster. We deliver this must-have insight to the financial and risk, legal, tax and accounting and media markets, powered by the world's most trusted news organization.

Position Title: Information Security Analyst, Governance & Risk 

Business Unit: ET&O

Product or Service: Information Security Risk Management (ISRM)


Role Summary: 

We seek an ambitious and business focused information security analyst to join the Governance, Risk & Compliance (GRC) group within Information Security Risk Management (ISRM).

The successful candidate will be expected to take a lead on management reporting and security metrics while also participating in information security initiatives and projects spanning:

  • Information Security Policy & Controls Framework
  • Process definition
  • Risk assessments & risk metrics
  • Remediation and reporting

Management reporting is a key part of driving the overall security risk management program at Thomson Reuters and the candidate will be shaping the requirement and delivering reporting for executive audiences across the organization.

She/he will support strategies that guide the organization towards making effective risk decisions. They will be comfortable and confident when articulating recommendations to Senior Management, Business stakeholders and/or our Technology Partners.

This role requires a strategic thinker with experience delivering global initiatives or programs in matrix business structures. The role holder will be able to collaborate, influence and/or lead efforts as required.


Main Responsibilities / Accountabilities: 

  • Work independently to create reports for the CISO, Senior Management and CTO’s about the security posture of specific areas of information security, risk or protection. 
  • Work with Senior Management in driving awareness of identified risks, as well as status reporting and governance.
  • Manage the operating rhythm for the management and metrics reporting 
  • Collect, analyze and interpret security risk metrics data. 
  • Maintain copies and track all source documents or data as backup for the monthly/quarterly reports
  • Work with partners in Shared security service and the technology teams to source data and inputs for management and metrics reporting. 
  • Liaison with Security Operations Center, ISRM personnel and other internal departments to coordinate appropriate data to support analyses and to communicate resulting performance against established standards
  • Provide consultancy and subject matter expertise on assigned engagements.
  • Maintain information security policies and procedures (as required). 
  • Assists in the maintenance of the GRC methodology processes/tools.
  • Performs other related duties as assigned or required.


Key Relationships: 

  • ISRM colleagues
  • Technology partners 
  • Business Unit Security Officers
  • Internal Audit and other governance groups


Essential Skills and Experience:

  • Proficient in MS Office, especially MS PowerPoint and MS Excel.
  • Advanced skills interfacing, creating pivot tables, and charting
  • Must be detail oriented, analytical, and organized
  • Experience in information gathering and business requirement gathering for use in business wide reporting
  • Understanding of data handling principles
  • Good communication and presentation skills
  • Ability to work under pressure and maintain focus
  • Reporting and analysis experience


Desired Skills and Experience: 

  • Undergraduate degree or equivalent experience.
  • Substantial experience in IT, information security, privacy or risk management in a financial services or internet driven environment.


Education/ Certifications: 



At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With over 60,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit

More information about Thomson Reuters can be found on