Senior Manager, Business Information Security
Location: London, United Kingdom; Time type: Full time; Posted: 30+ days ago; Job requisition ID: R0093633
Key accountabilities:
1. Reviewing and assessing the information security and cyber controls that enable FTSE Russell to conduct its business in a secure manner, performing gap analysis of the same, and overseeing InfoSec/Cyber-related control gap/risk remediation activities.
2. Lead and analyse the information security roadmaps, strategies, programmes, and projects within FTSE Russell, identifying and reporting risks, trends and future opportunities for improvement and enhancement, proactively engaging and working closely with the technology and cyber teams.
3. Provide updates to FTSE Russell management from the three lines of defence regarding the delivery and progress of various strategic cyber initiatives and broader cyber programme within LSEG.
4. Engaging with external third parties who provide services to FTSE Russell and working closely with the established internal third-party oversight functions to ensure appropriate and contracted levels of security are met.
5. Establish and maintain a Cyber Risk Profile of FTSE Russell in line with other areas of LSEG, and assist with the establishment and maintenance of a Risk Control Assessment (RCA) that focuses on InfoSec/Cyber risks and associated controls.
6. Drive established key performance indicators, including executive level presentation materials and ensuring that all management information (MI) is an accurate reflection of the current controls estate.
7. Assessing the security architecture solution designs and risk position of projects and initiatives undertaken by FTSE Russell and working closely with associated SMEs and design authorities to ensure projects are delivered in compliance with Policies and Standards, and with security design principles considered/implemented as key success results.
8. Develop business goals and operational risks, identifying key areas for improvement and supporting the risk management decision processes and risk forums/committees.
9. Assisting with the identification of emerging information and cyber security threats to the business, and the subsequent analysis to realise and lead all aspects of risk mitigation plans.
10. Work closely with governance stakeholders in the 1st, 2nd, and 3rd lines of defence on all matters relating to information security, cyber risk, data privacy, including all regulatory and legislative considerations.
11. Constructively and pragmatically challenge established controls to ensure, recommend, and accommodate continuous improvement, ensuring management understands their responsibilities in relation to security risk mitigation and remediation.
12. Monitor industry information security trends and keep the business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions.
13. Review and document the technologies and security controls across the firm, including areas such as office spaces, data centres and cloud.
14. Implement and conclude the security controls maturity assessments against industry standards such as the NIST Cyber Security Framework, ISO27001/2, SOC2, etc.
15. Review and appropriately respond to regulatory and legislative matters and produce and present risks and risk postures/cyber maturity to senior/executive bodies.
16. Build knowledge of business units by assisting them with their security workloads, agendas, and difficulties and maintain a balanced relationship with risk, compliance, legal, human resources, and internal and external audit functions.
Key Skills:
1. Knowledge of technology, security, and threat landscapes.
2. Staying abreast of emerging technologies, including all security technologies.
3. Sustaining in-depth knowledge of the cyber threat landscape.
4. Maintain and constantly enrich knowledge of information security and cyber risks as they develop.
5. Ability to propose and explain appropriate cyber risk counter measures clearly and concisely.
6. Remaining informed and knowledgeable on primary global data protection regulations and legislation.
7. Proven track record in senior InfoSec management roles including presentations to Boards and Regulatory engagement.
8. Extensive previous exposure to FS or FMI industry organisations.
9. High performance in problem solving, innovating and critical thinking.
10. Excellent written/verbal communication and stakeholder leadership skills.
11. Ability to clearly articulate ideas to both technical and non-technical audiences.
12. Must be capable of working pragmatically and efficiently in both a team and alone.
13. Able to prioritise efficiently and appropriately with minimal supervision.
14. Able to work in a fast-paced, high-volume workload environment, prioritising accordingly.
Desirable & Advantageous Certifications:
1. CISSP-ISSAP, CISSP-ISSEP, CISM, CCSP, CCSK, CEH.
2. ISO27K, ISF SOGP, NIST CSF, CIS, CSA STAR, CBEST, TIBER-EU, SOC2.
LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.
Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence, and Change underpin our purpose and set the standard for everything we do, every day.
Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce.
We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law.
Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.
HOW TO APPLY?
About Us
LSEG (London Stock Exchange Group) is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.
Our organisation
Our Data & Analytics, Capital Markets and Post Trade divisions have a combined power that provides a comprehensive, integrated suite of trusted financial market infrastructure services to help our customers pursue their ambitions.
Where we work
LSEG is headquartered in the United Kingdom, with significant operations in 70 countries across Europe, the Middle East, Africa, North America, Latin America and Asia Pacific.