Working in Legal & General is about being there for our customers. We're available should the worst happen and we work together to drive social and financial equality across the UK. This is an exciting time to join us as we embark on a transformation journey that brings innovation, technology and design to the fore of our business.
From HR and Digital teams through to Group Finance, Risk and Corporate Comms - our Group function support our businesses across the UK and abroad. Delivering essential services and activities that have a real impact on our business and our customers lives, we enable our people to do what they do best, contributing to delivering a great customer service, profitability and strategic growth.
We are an equal opportunities employer and welcome applications from all suitably qualified candidates.
The primary responsibility of the Information Security Manager is to manage the security assurance activities across all cyber security services delivered by Group Digital. The Information Security Manager will be responsible for Security assurance of services provided; data protection activities, and delivering security training and awareness across Group Digital.
Assist the Head of Digital Governance in defining the security assurance schedule and corresponding metrics and key risk indicator for measuring the effectiveness of the assurance programme
Perform quality assurance reviews of the control testing papers and final reports collated by the Security Assurance Analysts as part of the Legal & General control testing activities required to ensure ongoing compliance with policies and standards
Support IT Security and control owners to identify and implement remediation actions required to close internal and external audit findings in a timely and effective manner
Manage relationship and performance of security testing service providers (e.g. for penetration tests or red team testing) in order to ensure planning and execution of these tests is effective in identifying Legal and General's key security risks
Support Group IT and the business with transformation projects by performing security assessments and ensuring that controls and security requirements are being implemented through the transformation lifecycle
Assist the Head of Digital Governance and the CISO office in preparing and presenting assurance reports and papers to the Audit Committee and Board to help ensure senior stakeholders have a clear understanding of Legal & General's key security risks
Strong understanding of assurance methodologies and testing protocols
Strong understanding of cyber controls and cyber risks to identify and evaluate control effectiveness and identify any potential gaps between cyber risks and existing cyber controls
Understanding of various cyber technologies such as endpoint protection, DLP, insider threat protection, mobile device protection etc.
Have an eye for detail
Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
Strong analytical skills
Prior experience in information security is essential
Prior leadership/ management experience is essential
Prior work experience in delivery, managing and quality assuring information security assurance activity
Experience in managing complex stakeholder relationships
Experience in financial service industry is preferred but is not essential
Ability to interact with senior security stakeholders and report on programme effectiveness
Information Security and/or Information Technology industry certification (CISA, CISSP, CISM or equivalent) strongly preferred
Member of Institute of Information Security Professionals (M.IISP) or have the qualification, skills and experience to become a member
Whatever your role, Legal & General rewards ability, performance and attitude with a package that looks after things that matter to you.
Our employees have a wide range of benefits including:
A generous pension scheme
27 holiday days
Private medical insurance
Performance related bonuses
A variety of share schemes
Discounts on high street and our own great products
Be unique. Be authentic. However you prefer to say it, we really mean it. Our culture
embraces people’s diverse perspectives and creates a positive environment where everyone
belongs. We’re determined to build a better, more connected world for everyone.