The primary responsibility of the Infrastructure Security Manager is to manage infrastructure security (vulnerability management, network security and malware protection), application security and information protection processes for Legal & General.

• Collaborate with Head of Infrastructure Security and other key stakeholders to define and implement an organisation wide infrastructure security strategy including information protection and application security strategy, to help ensure Legal & General policies and standards and other industry requirements are met.
• Manage the day-to-day infrastructure security processes operated by the Information Protection Analyst, Application Security Analyst and third party providers in the areas of:
• Vulnerability management and network security (firewall management, web filtering, NAC, network intrusion detection, email security, endpoint and server protection etc.)
• Information protection (Data Loss Prevention management and key management)
• Application security (pre and post development control implementation and testing and provide oversight and challenge when security events arise and risks are raised, to help ensure risks are remediated effectively.
• Identify new technologies and methods which can help enhance Legal & General’s infrastructure security processes; and review and test these proposed technologies to help ensure risk areas are effectively addressed.
• Track and report on risk metrics and remediation activity for vulnerability management and network security, information protection and application security to help ensure that senior stakeholders within Group IT and business divisions are aware of key vulnerabilities and risks within the organisation.
• Provide an escalation point for infrastructure security events and coordinate with the security operations team and incident management personnel to ensure that any incidents are managed in a timely and effective manner.
• Manage the team in accordance with the Company’s policies and procedures, including the Partnership Agreement, so that the team’s business objectives are achieved consistently.

Education & Qualifications 

• Bachelor’s degree (preferred but not essential) or equivalent experience in computer science, IT engineering, or related field
• An MSc Information Security or equivalent would be an advantage
• Information Security and/or Information Technology industry certification (CEH, CISSP, CISM, GIAC or equivalent) strongly preferred
• Member of IISP or have the qualification, skills and experience to become a member

Knowledge:

• Accomplished in designing secure networks (firewall/IPS/IDS) systems, endpoint security (Anti-virus, malware detection, data loss prevention) systems, security testing solutions etc.
• Adept at designing and developing threat detection and protection solutions at various network and domain services level (proxy/email/content filtering/backup/file & print/patching)
• Knowledge of various operating systems such as Windows, Linux and Unix
• Ability to monitor third-party suppliers for SLA adherence and compliance with established key risk and performance indicators
• Extensive knowledge of infrastructure components, networks, applications, middleware and databases for identifying and addressing security threats
• Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
• Strong interpersonal and communication skills; able to deal effectively with diverse skill sets and personalities, works effectively as a team player
• Strong analytical skills

Experience:

• Prior work experience in information security is essential
• Prior work experience in infrastructure security is essential
• Prior experience in enterprise security architecture design and document creation, performing security vulnerability scans, reviewing application and operating system access controls, and analysing physical access to the systems is required
• Experience in managing a virtual team preferred but not essential
• Ability to engage with third-party suppliers for management and delivery of infrastructure security services
• Proficient in reporting to leadership on programme effectiveness

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 27 days' holiday,private medical insurance, performance related bonuses, a variety of share schemes, discounts at both a huge range of high street stores and our own great products, your hard work will be rewarded when you join us.

For further information please contact Ari Zastawna, Resourcing Business Partner on ari.zastawna@landg.com