Manager, Information Security Policy (Governance & Risk)

We are the leading source of intelligent information for the world's businesses and professionals, providing customers with competitive advantage. Intelligent information is a unique synthesis of human intelligence, industry expertise and innovative technology that provides decision-makers with the knowledge to act, enabling them to make better decisions faster. We deliver this must-have insight to the financial and risk, legal, tax and accounting and media markets, powered by the world's most trusted news organization.

Position Title: Manager, Information Security Policy (Governance & Risk)

Business Unit: ET&O

Product or Service: Information Security Risk Management (ISRM)

Role Summary:

We seek an ambitious and business focused Information Security Manager to join the Governance, Risk & Compliance (GRC) group within Information Security Risk Management (ISRM).

The Information Security Policy Manager is responsible for the development & maintenance of the Thomson Reuters information security policy framework; which includes identifying obligations, creating draft analyses, coordinating responses from stakeholders and publication of policies, standards & guidelines.

The role will be a key decision maker on issues that affect the company's risk posture. The Information Security Policy Manager will be someone that has a passion for leading the process which evaluates Information Security risks to develop a pragmatic policy, standards, and guidelines that align with Thomson Reuters corporate strategy, culture and customer expectations.

This role requires a mix of business and technical acumen, with the ability to inspire and influence decisions around security risk management.

The successful candidate will be expected to participate in information security initiatives and projects spanning:

  • Information Security Policy & Controls Framework
  • Process definition
  • Risk Governance for the "Crown Jewel" asset program
  • Risk Governance for key regulatory programs such as GDPR.
  • Risk assessments & risk metrics
  • Remediation and reporting
  • Mergers, Acquisitions & Divestitures risk assessments
  • Outsource engagements risk assessments

She/he will support strategies that guide the organization towards making effective risk decisions. They will be comfortable and confident when articulating recommendations to Senior Management, Business stakeholders and/or our Technology Partners.

This role requires a strategic thinker with experience delivering global initiatives or programs in matrix business structures. The role holder will be able to collaborate, influence and/or lead efforts as required.

In addition, this position requires expertise presenting complex concepts and participating in training & awareness.

Main Responsibilities / Accountabilities:

Primary Areas of Responsibility:

  • Manage the development of the Thomson Reuters Security Policy set (including its alignment to security controls framework).
  • Publish monthly/quarterly/annual updates to Key Stakeholders and SME's.
  • Manage multiple projects through to completion, ranging from reviewing security/privacy obligations to performing security gap analyses.
  • Provide consultancy and subject matter expertise on assigned engagements.
  • Ensure adherence to security policies in planned or assigned propositions and projects.
  • Maintain information security policies and procedures.
  • Assists in the maintenance of the GRC methodology processes/tools.
  • Work with Senior Management in driving awareness of identified risks, as well as status reporting and governance.
  • Performs other related duties as assigned or required.

Key Relationships:

  • ISRM colleagues
  • Security Policy stakeholders (Technology & Product teams)
  • Business Unit Security Officers
  • Internal Audit and other governance groups

Essential Skills and Experience:

  • Experience in Information Security Policy development and risk management in a global organization, ideally within a regulated industry.
  • Understanding of risk management and effective Information Security strategy, practices, technologies and controls frameworks.
  • Experience monitoring data protection & cyber security obligations (contracts, regulations & legislation); and managing those requirements in Information Security policy development.
  • Critical thinking and thorough analyses to provide decision support and guidance to Thomson Reuters businesses, customers and executives.
  • Experience working with External Auditors to ensure effectiveness of security policy, strategy and governance.
  • Experience managing people or processes in a global/matrix environment.
  • Demonstrated leadership skills with ability to work and communicate effectively at executive levels.

Desired Skills and Experience:

  • Undergraduate degree or equivalent experience.
  • Extensive experience in information security, privacy or risk management in a financial services or internet driven environment.

Desired Professional Qualifications:


At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With over 60,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit

More information about Thomson Reuters can be found on

Meet Some of Thomson Reuters's Employees

Stephanie B.

Producer, Facebook Live

Stephanie creates innovative video copy for live Facebook feeds, working with reporters right in the office, as well as those stationed all around the world.

Catherine N.

Energy Markets Reporter

Catherine follows the fluctuating trends of the oil industry, reporting on market changes and issues in ways that are easily understandable to those who aren’t completely familiar with the field.

Back to top