IT Regulatory & Policy Manager – F&R, Thomson Reuters, Nottingham UK

“This role sits within our Financial & Risk (“F&R”) business.  On January 30, 2018, Thomson Reuters announced that it signed a definitive agreement to enter into a strategic partnership with private equity funds managed by Blackstone related to the company’s F&R business. As part of the transaction, Thomson Reuters has agreed to sell a 55% majority stake in Financial & Risk and will retain a 45% interest in the business.  Thomson Reuters will maintain full ownership of its Legal, Tax & Accounting and the Reuters News businesses. The transaction is expected to close in the second half of the year and is subject to specified regulatory approvals and customary closing conditions. When the transaction closes, this role will be included in the new F&R entity.  Further information on this can be found at https://www.thomsonreuters.com/en/press-releases/2018/january/thomson-reuters-and-blackstone-announce-strategic-partnership-for-thomson-reuters-financial-and-risk-business.html”

Role Summary

Thomson Reuter’s Information Security & Risk Management (ISRM) team is looking for an experienced individual to oversee and manage the Regulatory and Policy program.  The role will be responsible for determining the current level of policy coverage to meet our regulatory, including customers, and internal requirements; and ensuring gaps are addressed, implemented and mitigated on an ongoing basis to ISRM leaderships expectations.

The ideal candidate will possess the right demeanor, skillset and experience to operate in the fast-paced and dynamic world of information security and risk, with experience in working on different assignments at a time, establishing andf maintainingn key relationships across a global & matrixed environment, and with aproven track record of detailed oriented delivery.

Essential Responsibilities:

Support the building and execution of the Policy program in alignment with overall Thomson Reuters ISRM strategy
Identify regulatory, customer and internal requirements for control requirements
Determine and maintain policy coverage reconciliation to drive strategy
Establish and prioritise policy control implementations aligned to current policy coverage and requirements
Execute the Policy implementation process ensure all respective steps are followed
Oversee the ongoing operations of the policy working group
Act as SME in all policy related areas including the writing of control language and scoping of policy documents
Ensure the effective tracking of progress and implementation of policy controls
Design, produce and socialise training and awareness materials to identified audiences
Ensure the effective completion and tracking of exceptions
Establish relationships with critical partners including General Counsel and Technology functions
Identify, define and maintain key measurements related to implementation and maturity
Communicate internally and externally in an organized and knowledgeable manner
Leverage project management and project facilitation skills, especially with leading and facilitating project execution within a matrix organisation
Actively contribute in the decision-making process relating to company business strategy by providing advice on regulatory changes/updates and analyzing legal and regulatory requirements towards the Company’s interests
Deliver additional activities as defined by senior leadership

Qualifications/Requirements

Bachelor’s degree in an IT or business-related discipline
Extensive experience in IT governance and risk including financial services or internet driven environment.
CISA, CRISC or CGEIT Certified
Working knowledge of regulatory requirements, e.g GDPR, SOx, PCI-DSS, FFIEC and industry leading practices relating to compliance risk management programs and processes
Possess strong verbal & written communication skills
Led deployment of information security programs and solutions across complex environments
Knowledge of industry wide information security frameworks including ISO 27001/2, NIST
Strong critical thinking and group facilitation skills, specifically in large or complex problem settings
Must be a strong cross-functional team player with ability to manage and coach others in a matrix structure, across time zone and national boundaries
Ability to travel upto 8 weeks per year
Must have unrestricted authorization to work in the United Kingdom
Must submit to a background investigation, including verification of past employment, criminal history and educational background

Desired Characteristics:

Good business acumen with a successful track record in aligning to business drivers
Strong Report writing and document creation skills, including Microsoft PowerPoint
Experience of managing an IT policy lifecycle program
Experience of configuring and using GRC solutions
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one – collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance – and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit thomsonreuters.com/careers.

More information about Thomson Reuters can be found on thomsonreuters.com.