Technology Risk and Control Analyst

TL;DR

Technology Risk and Control Analyst (IT/Information Security): Supporting the effective management of Information, Technology, and Data risks across Legal & General by analysing and reporting on risk management activities with an accent on technology risk governance, control design effectiveness, and data-driven assurance. Focus on challenging stakeholders, monitoring risk exposure against tolerances, and producing high-quality risk reporting for governance forums.

Location: London (Hybrid)

Company

Legal & General is a leading UK financial services group and major global investor.

What you will do

• Embed technology policies, standards, and controls across the Group with accurate, timely metrics and reporting.
• Run data-driven deep dives and targeted assurance reviews to assess the design and effectiveness of key technology controls.
• Provide subject matter expertise on technology risk governance, framework application, and policy interpretation.
• Analyse risk and control data from systems such as OneSumX, ServiceNow, and Prevalent to monitor risk exposure against defined tolerances.
• Support assurance for high-risk technology change programmes and assess technology-related risk events and control weaknesses.
• Collate and synthesise IT and Information Security data to produce high-quality risk reporting for governance forums and committees.

Requirements

• Strong understanding of technology risk management and control practices.
• Familiarity with technology and security control frameworks (e.g., ISO 27001, COBIT, NIST).
• Experience using data analysis and analytics to produce meaningful insights and reporting.
• Practical experience in risk management across first, second, or third line of defence functions.
• Solid understanding of IT information risk principles (confidentiality, integrity, availability, authenticity).
• Ability to take ownership of deliverables and influence stakeholders through strong communication and presentation skills.

Culture & Benefits

• Annual performance-related bonus plan and share schemes.
• Generous pension contribution, life assurance, and a healthcare plan for permanent employees.
• At least 25 days holiday plus public holidays (26 days after 2 years’ service) with option to buy and sell holiday.
• Flexible working options including part-time, term-time, and job shares (role flexibility may be limited by customer demand).
• Electric car scheme via tax-efficient salary sacrifice for permanent employees.
• Investing in sustainable, modern offices across the UK to support in-person collaboration.

Hiring process

• Application review followed by interview stages to assess risk/control knowledge and stakeholder communication.