Find your next role at Legal & General
Security Supplier Governance Manager
We’re sorry. We’re no longer accepting applications for this role.
VN-14719
Permanent
Hove OR London
Competitive
31 March 2020
The primary responsibility of the Security Supplier Governance Manager is to oversee third party security risk for all Legal & General third-party suppliers and oversee the governance of all security service providers.
1. Assist the Head of Security Management and Assurance in defining the third party security assurance framework, schedule and corresponding metrics / KPIs for measuring the programme effectiveness. Oversee the cyber security assessment of third-party suppliers performed by the Third Party Assurance Analysts and provide quality assurance and sign off of final reports.
2. Collaborate with supplier relationship managers across Legal & General to maintain an up-to-date inventory of third-party service providers along with their associated contractual obligations, data access requirements and cyber risk levels.
3. Manage and oversee the classification of third-party suppliers based on their risk posture, and periodically review and reprioritise third-party suppliers based on their current risk posture.
4. Oversee the cyber security assessment of third-party suppliers performed by the Third Party Assurance Analysts and perform quality assurance of the control papers and final reports to ensure ongoing compliance with policies and standards.
5. Manage the governance and service delivery of Tier 1 and Tier 2 security service providers by working with service owners to identify any delays or gaps in Service Level Agreements (SLAs) and steps required to remediate these.
6. Serve as initial point of escalation for unresolved security issues related to any third party security service provider to ensure risks are mitigated in a timely manner as required by internal and external audit.
7. Manage the team in accordance with the Company’s policies and procedures, including the Partnership Agreement, so that the team’s business objectives are achieved consistently.
Qualifications:
Education
Bachelor’s degree (preferred but not essential) or equivalent experience in computer science, IT engineering, or related field
A master’s degree or equivalent in Information / Cyber Security would be an advantage
Certification
Information Security and/or Information Technology industry certification (CISA, CISSP, CISM or equivalent) strongly preferred
Member of Institute of Information Security Professionals (M.IISP) or have the qualification, skills and experience to become a member
Knowledge:
Strong understanding of cyber controls and cyber risks to identify and evaluate control effectiveness and identify any potential gaps between cyber risks and existing cyber controls
Basic understanding of various cyber technologies such as endpoint protection, DLP, insider threat protection and mobile device protection
Ability to engage with third-party suppliers to perform control-level technical cyber risk assessments
Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively
Have an eye for detail
Strong analytical skills
Experience:
Prior experience working in information security is essential
Prior leadership and management experience is required
Hands-on experience in performing control-level technical cyber risk assessments
Experience in managing third-party relationships is essential
Experience in the financial services industry is preferred but is not essential
Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 27 days' holiday, private medical insurance, performance related bonuses, a variety of share schemes, and discounts at both a huge range of high street stores and our own great products. Your hard work will be rewarded when you join us.
For further information please contact Reesa Berry, Resourcing Lead on reesa.berry@landg.com
About L&G
Working here is about being there for our customers; we’re available should the worst happen and we work together to enable social and financial equality across the UK. But it’s also about you – how you develop and what you can achieve. We’ll help your talent thrive in an environment where you’ll be supported to work flexibly and autonomously, sharing in our success and rewarded for a great performance with a generous benefits package.
About the business area
From HR and Digital teams through to Group Finance, Risk and Corporate Comms – our Group functions support our businesses across the UK and abroad. Delivering essential services and activities that have a real impact on our business and our customers' lives, we enable our people to do what they do best, contributing to delivering a great customer service, profitability and strategic growth.
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender identity or age.