Head of Security Management and Assurance

We’re sorry. We’re no longer accepting applications for this role.


VN-14697

Permanent

Hove OR London

Competitive

17 December 2019

The primary responsibility of the Head of Security Management and Assurance is to run the security management and assurance function within Group IT Security, which includes the management of security assurance, supplier governance and third-party risk management. The Head of Security Management and Assurance will work closely with the CISO Office and other Group IT Security functions.

  • Oversee the day-to-day activities conducted by the Security Assurance Manager and Security Supplier Governance Manager and provide guidance in the event of escalations, to help ensure Legal & General’s cyber risks are pro-actively managed.
  • Coordinate with the CISO Office, the 1.5 Line-of-Defence and the Internal Audit function in order to coordinate the execution of internal and external audits and manage the delivery of the required remediation activities in a timely manner.
  • Develop and continuously improve Legal & General’s internal security assurance and external third party risk management frameworks and processes to help ensure that the information security controls outlined in the Legal & General policies and standards are effectively applied both internally and by third party providers.
  • Act as key point of escalation for delays in the implementation of remediation activities and reporting of incidents or non-conformities related to third party providers, to help ensure risks related to third parties are pro-actively managed.
  • Develop, schedule and oversee the delivery of assurance-related activities across all security services delivered by Group IT Security. Develop, schedule and oversee the delivery of supplier assurance activities for third-party suppliers across Legal & General.
  • Manage, motivate and develop employees at all levels, in a manner that is consistent with the Company’s policies and procedures, including the Partnership Agreement, to maximise the performance of the area.
  • Ensure alignment to L&G’s Customer Experience and Treating Customers Fairly (TCF) policy.

Education & Qualifications 

  • Bachelor’s degree (preferred but not essential) or equivalent experience in a related field
  • A master’s degree in Information / Cyber Security or Audit would be an advantage
  • Information Security and/or Information Technology industry certification (CISA, CISSP, CISM or equivalent) strongly preferred
  • Member of Institute of Information Security Professionals (M.IISP) or have the qualification, skills and experience to become a member

Knowledge:

  • Strong understanding of cyber controls and cyber risks to identify and evaluate control effectiveness and identify any potential gaps between cyber risks and existing cyber controls
  • Basic understanding of various cyber technologies such as endpoint protection, DLP, insider threat protection and mobile device protection
  • Expertise in reporting and control techniques associated with monitoring and governance of engineering and operations teams and business initiatives
  • Knowledge of various global security standards and frameworks such as ISO27001/2
  • Ability to engage with third-party suppliers to manage control-level technical cyber risk assessments
  • Ability to interact with senior security stakeholders and report on programme effectiveness
  • Have an eye for detail
  • Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
  • Strong analytical skills

Experience:

  • Prior work experience in information security is essential
  • Prior leadership/management experience is essential
  • Prior work experience in delivering, managing and quality-assuring information security assurance activity
  • Experience with regulatory requirements such as PCI standards, GDPR, and Pensions Regulator Guidance on cyber security principles
  • Experience implementing standards, policies and controls
  • Experience with security frameworks such as ISO 27001/2 or NIST 800-53
  • Experience in conducting third-party audits / assurance is essential

Leadership:

  • Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 30 days' holiday, private medical insurance, performance-related bonuses, discounts both at a huge range of high street stores and on our own great products, as well as a 12% car allowance scheme. Your hard work will be rewarded when you join us.

For further information please contact Ari Zastawna on Ari.zastawna@landg.com

 

About L&G

Working here is about being there for our customers; we’re available should the worst happen and we work together to enable social and financial equality across the UK. But it’s also about you – how you develop and what you can achieve. We’ll help your talent thrive in an environment where you’ll be supported to work flexibly and autonomously, sharing in our success and rewarded for a great performance with a generous benefits package.

About the business area

From HR and Digital teams through to Group Finance, Risk and Corporate Comms – our Group functions support our businesses across the UK and abroad. Delivering essential services and activities that have a real impact on our business and our customers’ lives, we enable our people to do what they do best, contributing to delivering great customer service, profitability and strategic growth.

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender identity or age.
