You will be tasked with developing, designing and delivering innovative solutions whilst reducing operational, financial and other risks.
The primary responsibility of the Information Security Manager is to manage the security activities across all cybersecurity services delivered by the company. The Information Security Manager will be responsible for security assurance, data protection activities, delivering security training and awareness across the business, and Identity & Access Management lifecycle management.
- Assist the Head of Technology in defining the security assurance schedule and corresponding metrics and key risk indicators for measuring the effectiveness of the assurance programme.
- Perform quality assurance reviews of the control testing papers and final reports
- testing activities required to ensure ongoing compliance with policies and standards.
- Manage the relationship with, and performance of, security testing service providers (e.g. for penetration tests or red team testing) in order to ensure planning and execution of these tests is effective in identifying Legal and General’s key security risks.
- Support Group IT business with transformation projects by performing security assessments and ensuring that controls and security requirements are being implemented through the transformation lifecycle.
- Support Identity & Access Management lifecycle management activities in line with Group policies and processes.
- Assist the Head of IT in preparing and presenting assurance reports and papers to the Audit Committee and Board to help ensure senior stakeholders have a clear understanding of Legal & General’s key security risks.
- Manage the team in accordance with the Company’s policies and procedures, including the Partnership Agreement, so that the team’s business objectives are achieved consistently.
- Ensure alignment to Customer Experience and treat customers fairly
- Strong understanding of assurance methodologies and testing protocols
- Strong understanding of cyber controls and cyber risks to identify and evaluate control effectiveness and identify any potential gaps between cyber risks and existing cyber controls
- Understanding of various cyber technologies, insider threat protection, mobile device protection etc.
- Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
- Strong analytical skills
- Prior leadership/management experience is essential
- Prior work experience in delivering, managing and quality assuring information security assurance activity
- Ability to interact with senior security stakeholders and report on programme effectiveness
If this role is of interest, please contact firstname.lastname@example.org