Security Supplier Governance Manager

We’re sorry. We’re no longer accepting applications for this role.

VN-14719

Permanent

Hove OR London

Competitive

31 March 2020

The primary responsibility of the Security Supplier Governance Manager is to oversee third party security risk for all Legal & General third-party suppliers and oversee the governance of all security service providers.

1. Assist the Head of Security Management and Assurance in defining the third party security assurance framework, schedule and corresponding metrics / KPIs for measuring the programme effectiveness. Oversee the cyber security assessment of third-party suppliers performed by the Third Party Assurance Analysts and provide quality assurance and sign off of final reports.

2. Collaborate with supplier relationship managers across Legal & General to maintain an up-to-date inventory of third-party service providers along with their associated contractual obligations, data access requirements and cyber risk levels.

3. Manage and oversee the classification of third-party suppliers based on their risk posture, and periodically review and reprioritise third-party suppliers based on their current risk posture.

4. Oversee the cyber security assessment of third-party suppliers performed by the Third Party Assurance Analysts and perform quality assurance of the control papers and final reports to ensure ongoing compliance with policies and standards.

5. Manage the governance and service delivery of Tier 1 and Tier 2 security service providers by working with service owners to identify any delays or gaps in Service Level Agreements (SLAs) and steps required to remediate these.

6. Serve as the initial point of escalation for unresolved security issues related to any third party security service provider to ensure risks are mitigated in a timely manner as required by internal and external audit.

7. Manage the team in accordance with the Company’s policies and procedures, including the Partnership Agreement, so that the team’s business objectives are achieved consistently.

Qualifications:

Education

Bachelor’s degree (preferred but not essential) or equivalent experience in computer science, IT engineering, or related field

A master’s degree or equivalent in Information / Cyber Security would be an advantage

Certification

Information Security and/or Information Technology industry certification (CISA, CISSP, CISM or equivalent) strongly preferred

Member of Institute of Information Security Professionals (M.IISP) or have the qualification, skills and experience to become a member

Knowledge:

Strong understanding of cyber controls and cyber risks to identify and evaluate control effectiveness and identify any potential gaps between cyber risks and existing cyber controls

Basic understanding of various cyber technologies such as endpoint protection, DLP, insider threat protection and mobile device protection

Ability to engage with third-party suppliers to perform control-level technical cyber risk assessments

Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively

Have an eye for detail

Strong analytical skills

Experience:

Prior experience working in information security is essential

Prior leadership and management experience is required

Hands-on experience in performing control-level technical cyber risk assessments

Experience in managing third-party relationships is essential

Experience in the financial services industry is preferred but is not essential

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 27 days' holiday, private medical insurance, performance-related bonuses, a variety of share schemes, and discounts at both a huge range of high street stores and on our own great products. Your hard work will be rewarded when you join us.

For further information please contact Reesa Berry, Resourcing Lead on reesa.berry@landg.com

About L&G

Working here is about being there for our customers; we’re available should the worst happen and we work together to enable social and financial equality across the UK. But it’s also about you – how you develop and what you can achieve. We’ll help your talent thrive in an environment where you’ll be supported to work flexibly and autonomously, sharing in our success and rewarded for a great performance with a generous benefits package.

About the business area

From HR and Digital teams through to Group Finance, Risk and Corporate Comms – our Group functions support our businesses across the UK and abroad. Delivering essential services and activities that have a real impact on our business and our customers’ lives, we enable our people to do what they do best, contributing to delivering great customer service, profitability and strategic growth.

We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender identity or age.
