TL;DR
Cyber Security Risk & Controls Manager (Fintech): Provides expertise on cyber security-related risk matters, staying abreast of emerging threats, vulnerabilities and risks within the Technical Risk Functional Areas, with an emphasis on cyber security controls being designed and operated across L&G in a consistent and effective manner. Focuses on proactive challenge and on risk and control insight, supporting cyber security controls testing and assurance activities and enabling Business Technology Risk Partners with subject matter knowledge on cyber security risks.
Location: London
Company
hirify.global (L&G) is a leading UK financial services group and major global investor.
What you will do
- Provide expert guidance on cyber security risk identification, analysis and mitigation to ensure alignment with L&G risk frameworks and evolving threat intelligence
- Lead the implementation and continuous improvement of cyber security controls across L&G systems, applications and third parties, to ensure controls remain effective, proportionate and mitigate our key risks
- Ensure compliance with cyber security policies and standards, and regulatory requirements, to ensure L&G and its third parties meet internal and external requirements
- Manage, oversee and provide cyber security subject-matter expertise to controls testing, assurance reviews and preparation for internal or external audits
- Provide subject matter expertise input into the response and analysis of cyber security or controls failures, to ensure lessons are learned and systemic risks are addressed
- Maintain up-to-date knowledge of cyber and information security and manage the pool of subject-matter experts
Requirements
- Strong familiarity with technology and security frameworks such as NIST Cyber Security Framework (CSF), COBIT, ISO27001/2 and COSO
- Good understanding of regulatory requirements relevant to financial services (e.g. FCA/PRA regulations, UK GDPR, DORA)
- Experience designing and/or assuring information technology controls implementation, controls automation, risk frameworks, and audit responses
- Exposure to briefing a wide range of audiences (including technical and non-technical at all levels of an organisation) would be a huge plus
- Management experience in information technology risk, governance or assurance within a complex, regulated environment
- Technology risk and governance related qualifications such as CRISC, CGEIT or CISA would be great
Culture & Benefits
- The opportunity to participate in an annual, performance-related bonus plan and valuable share schemes
- Generous pension contribution
- Life assurance
- Healthcare Plan (permanent employees only)
- At least 25 days holiday, plus public holidays, 26 days after 2 years’ service.
- Participate in electric car scheme