Senior Information Security Analyst, Contracts

We are the leading source of intelligent information for the world's businesses and professionals, providing customers with competitive advantage. Intelligent information is a unique synthesis of human intelligence, industry expertise and innovative technology that provides decision-makers with the knowledge to act, enabling them to make better decisions faster. We deliver this must-have insight to the financial and risk, legal, tax and accounting and media markets, powered by the world's most trusted news organization.

Position Title: Senior Analyst, Contract Reviews (Governance & Risk)

Business Unit: ET&O

Product or Service: Information Security Risk Management (ISRM)

Role Summary:

We seek an ambitious and business focused Information Security Analyst to join the Governance, Risk & Compliance (GRC) group within Information Security Risk Management (ISRM).

The Information Security Analyst is responsible for maintaining the ISRM contract review process to ensure that Thomson Reuters information security requirements are included in 3rd party agreements and that where risks are identified that they are properly escalated.

The Information Security Analyst will be expected to be a subject matter expert on Thomson Reuters security standards and to use that knowledge to advise and consult key stakeholders on what it is appropriate to do in contracts with 3rd parties. This would include working with the Information Privacy and Sourcing Team, as well as Business Unit Contract Negotiators and the ISRM Vendor Risk Management and Customer Assurance teams.

The role holder will help design the process to ensure that Thomson Reuters customers receive an efficient service, while also ensuring that Suppliers understand and accept their responsibilities for information security governance.

The performance metrics from the Contract Review process will be used to drive ISRM and Thomson Reuters security strategy, but also to provide insight into customer expectations.

This role requires a mix of business and technical acumen, to confidently negotiate with 3rd parties about security risk management.

The successful candidate will be expected to participate in information security initiatives and projects spanning:

  • Information Security Policy & Controls Framework
  • Process definition
  • Risk Governance for the "Crown Jewel" asset program
  • Risk Governance for key regulatory programs such as GDPR & NYDFS.
  • Risk assessments & risk metrics
  • Remediation and reporting
  • Mergers, Acquisitions & Divestitures risk assessments
  • Outsource engagements risk assessments

She/he will support strategies that guide the organization towards making effective risk decisions. They will be comfortable and confident when articulating recommendations to Customers, Senior Management, Business stakeholders and/or our Technology Partners.

This role would suit a self starter who is detail oriented, who has experience operating in matrix global business structures. The role holder will be able to collaborate, influence and/or lead efforts as required.

Main Responsibilities / Accountabilities:

Primary Areas of Responsibility:

  • Manage the day to day information security contract review process (including its alignment to security controls framework).
  • Publish monthly/quarterly/annual metrics from the program to Key Stakeholders and SME's.
  • Manage multiple negotiation engagements through to completion, ranging from reviewing security/privacy obligations to performing vendor security gap analyses.
  • Provide consultancy and subject matter expertise on assigned engagements.
  • Ensure adherence to security policies in planned or assigned engagements and projects.
  • Publish and maintain processes & procedures (as required).
  • Work with Senior Management in driving awareness of identified risks, as well as status reporting and governance.
  • Performs other related duties as assigned or required.

Key Relationships:

  • ISRM colleagues
  • Contract Negotiation stakeholders (including Vendor Assurance & Technology Sourcing (internal) and Customers & Suppliers (external))
  • Business Unit Security Officers
  • Internal Audit, Legal Sourcing, Information Privacy and other governance groups

Essential Skills and Experience:

  • Experience reviewing and negotiating Information Security Agreements, ideally within a regulated industry.
  • Proficient in EU & US regulations that drive requirements from customers and for governance of 3rd parties (e.g. GDPR, SafeHarbor, NYDFS)
  • Understanding of risk management and effective Information Security strategy, practices, technologies and controls frameworks.
  • Experience monitoring data protection & cyber security obligations (contracts, regulations & legislation); and apply those requirements in Information Security policy development.
  • Critical thinking and thorough analyses to provide decision support and guidance to Thomson Reuters businesses, customers and executives.
  • Experience working with External Parties to ensure effectiveness of security policy, strategy and governance.
  • Ability to work with and communicate effectively at executive levels.

Desired Skills and Experience:

  • Experience with information security, privacy or risk management in a financial services or internet driven environment.

Desired Education/ Certifications:

  • Undergraduate degree or equivalent experience.
  • CISA or CISM

At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With over 60,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit

More information about Thomson Reuters can be found on

Meet Some of Thomson Reuters's Employees

Madlyn D.

HR Manager

Madlyn works with business leaders at Thomson Reuters to ensure all employees are engaged and operating as efficiently as possible in their respective positions.

Catherine N.

Energy Markets Reporter

Catherine follows the fluctuating trends of the oil industry, reporting on market changes and issues in ways that are easily understandable to those who aren’t completely familiar with the field.

Back to top