Information Security Policy Manager

Job Description

Job Description

Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.

IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.

Barron's has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.

This is Hybrid role (4 days in office /1 day remote)

About your Team:

The Information Security Policy Manager develops, maintains, and communicates IBKR's information security policies aligned to regulatory requirements, industry best practices, and IBKR's control environment and risk appetite. This role is responsible for IBKR's formal information security policy library, ensuring IBKR's security program is supported by well-considered policy mandates.

What will be your responsibilities within IBKR:

• Maintain and extend IBKR's information security policy library to align with regulatory requirements, business risk appetite, industry-accepted risk frameworks, and IBKR's control environment.
• Coordinate and drive the development, review, and update of information security policies and standards based on identified need and defined maintenance intervals.
• Map IBKR's security policies to, and analyze gaps against, applicable risk and regulatory frameworks and laws, such as DORA, FFIEC, NIST CSF.
• Support security-related external assessments, audits, and regulatory examinations by providing evidence of compliance.
• Partner with the Information Security Controls Manager to ensure policies are supported by appropriate controls and testing procedures.
• Evaluate security controls, identify opportunities for improvement, and communicate constructive recommendations.
• Other duties, as assigned

What required skill's you need:

• 7+ years of experience in information / cyber security experience, including 3+ years developing and managing information security policies in a regulated industry (preferably financial services) and 3+ years hands-on, technical cybersecurity roles.
• Fluent understanding of regulatory requirements affecting cybersecurity, including DORA, SEC, FFIEC, and common regulations issued in Europe (EBA) and APAC (SFC, MAS).
• Working familiarity with common security frameworks, including NIST CSF and ISO 27001/27002.
• Prior experience as owner of policies or technical standards documentation.
• Experience as lead responder to regulatory examinations, audit requests, and client due diligence questionnaires related to policy and compliance.
• Proven ability to write clear, actionable policies addressing complex regulatory and technical requirements, grounded in industry accepted practices and risk management concepts, and based on existing controls and technology environments
• Experience working with GRC (Governance, Risk, and Compliance) tooling a plus.
• Experience building cross functional consensus as an individual contributor
• Bachelor's degree in Information Security, Computer Science, Information Technology or a related field, or equivalent experience
• CISM certification a plus.

To be successful in this position, you will have the following:

• Strong critical thinking, analytical, organizational, time management, and writing and editing skills – all with attention to detail.
• Track record of building bridges with technology practitioners and translating complex technical concepts into simple, accessible language for business audiences.
• A self-motivated, open, collaborative, client-centric, consensus-building problem-solving mentality
• Ability to exercise good judgment when solving problems with incomplete information

• Competitive salary, annual performance-based bonus and stock grant
• Retirement plan 401(k) with competitive company match
• Excellent health and wellness benefits, including medical, dental, and vision benefits. Company paid medical healthcare premium.
• Wellness screenings and assessments, health coaches and counseling services through an Employee Assistance Program (EAP)
• Daily company lunch allowance provided and a fully stocked kitchen with healthy options for breakfast and snack
• Corporate events including team outings, dinners, volunteer activities and company sports teams
• Education reimbursement and learning opportunities