The primary responsibility of the Information Security Manager is to manage the security assurance activities across all cyber security services delivered by Group Digital.

The primary responsibility of the Information Security Manager is to manage the security assurance activities across all cyber security services delivered by Group Digital. The Information Security Manager will be responsible for Security assurance of services provided; data protection activities, and delivering security training and awareness across Group Digital.

• Ensure that Group security policy, standards, guidelines and procedures are implemented
• Assist the Head of Digital Governance in defining the security assurance schedule and corresponding metrics and key risk indicator for measuring the effectiveness of the assurance programme

• Perform quality assurance reviews of the control testing papers and final reports collated by the  Security Assurance Analysts as part of the Legal & General control testing activities required to ensure ongoing compliance with policies and standards
• Support IT Security and control owners to identify and implement remediation actions required to close internal and external audit findings in a timely and effective manner
• Manage relationship and performance of security testing service providers (e.g. for penetration tests or red team testing) in order to ensure planning and execution of these tests is effective in identifying Legal and General’s key security risks
• Support Group IT and the business with transformation projects by performing security assessments and ensuring that controls and security requirements are being implemented through the transformation lifecycle
• Assist the Head of Digital Governance and the CISO office in preparing and presenting assurance reports and papers to the Audit Committee and Board to help ensure senior stakeholders have a clear understanding of Legal & General’s key security risks

• Strong understanding of assurance methodologies and testing protocols
• Strong understanding of cyber controls and cyber risks to identify and evaluate control effectiveness and identify any potential gaps between cyber risks and existing cyber controls
• Understanding of various cyber technologies such as endpoint protection, DLP, insider threat protection, mobile device protection etc.
• Have an eye for detail
• Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
• Strong analytical skills
• Prior experience in information security is essential
• Prior leadership/ management experience is essential
• Prior work experience in delivery, managing and quality assuring information security assurance activity
• Experience in managing complex stakeholder relationships
• Experience in financial service industry is preferred but is not essential
• Ability to interact with senior security stakeholders and report on programme effectiveness
• Information Security and/or Information Technology industry certification (CISA, CISSP, CISM or equivalent) strongly preferred
• Member of Institute of Information Security Professionals (M.IISP) or have the qualification, skills and experience to become a member

Whatever your role, Legal & General rewards ability, performance and attitude with a package that looks after things that matter to you.

Our employees have a wide range of benefits including:

• A generous pension scheme
• Life assurance
• 27 holiday days
• Private medical insurance
• Performance related bonuses
• A variety of share schemes
• Discounts on high street and our own great products

Your hard work will be rewarded when you join us.

A Jurcenko