The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers.

Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.Your career with us should reflect your energy and passion.

That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience.

Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities.

For our business, for clients, and for you

Role Overview

We are seeking a motivated and detail-oriented Junior IT & Information Security Policy Analyst to join our Technology Risk & Security team. This role is ideal for someone early in their career who has a strong foundation in information security frameworks and regulatory requirements and is eager to build expertise in developing and maintaining policies, standards, and control documentation.

The successful candidate will help ensure our organization’s policies, procedures, and standards align with industry best practices, compliance obligations, and audit requirements.

Key Responsibilities

• Assist in the development, review, and maintenance of IT and information security policies, procedures, and standards.
• Conduct gap analyses to align existing documentation with key frameworks such as ISO 27001, SOX, NIST, SOC 1/2, and other regulatory requirements.
• Support the policy governance lifecycle, including drafting, formatting, obtaining approvals, and tracking revisions.
• Collaborate with technology and business stakeholders to ensure policies are clear, practical, and aligned with operational processes.
• Contribute to internal and external audit readiness by ensuring documentation accurately reflects control design and intent.
• Support awareness and training initiatives to ensure staff understand and comply with security policies.
• Assist in monitoring regulatory and industry developments to update internal policies accordingly.

Required Skills & Experience

• Foundational understanding of information security and IT risk management concepts.
• Familiarity with key frameworks and regulations, including ISO 27001, SOC 1/2, SOX, and NIST.
• Strong written communication skills with the ability to create clear, concise, and well-structured documentation.
• Ability to interpret technical and regulatory requirements into business-friendly language.
• Detail-oriented, organized, and able to manage multiple priorities.
• Proficiency in Microsoft Office (Word, Excel, PowerPoint).

Preferred Qualifications

• Bachelor’s degree in information technology, Cybersecurity, Risk Management, or a related field (or equivalent experience).
• Exposure to audit processes (internal or external) or compliance reviews.
• Knowledge of additional frameworks and regulations (e.g., PCI DSS, GDPR, HIPAA) is a plus.
• Relevant entry-level certifications (e.g., CompTIA Security+, ISO 27001 Foundation, ITIL Foundation) are desirable.

What We Offer

• Opportunity to grow into senior risk, compliance, or security roles.
• Mentorship and training on advanced information security governance practices.
• Exposure to global frameworks, industry-leading tools, and audit processes.

A collaborative team environment where your contributions matte

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.