The role of the Access Control Lead is to support the ongoing maturity of the Identity and Access Management process and controls within Group Finance.

The role of the Access Control Lead is to support the ongoing maturity of the Identity and Access Management process and controls within Group Finance. The role holder will own and govern the processes and controls in place to ensure access to application and systems is based on least privilege and is based on an individual’s role (Role Based Access Control), ensure the correct authorisation is in place for access requests and that access rights are regularly reviewed for accuracy. The role holder will be the central point for Access Management controls standards, queries and a contact point during audits.

• Own the processes for requesting access modifications to Group Finance apps, the governance and control processes to ensure they’re working effectively such that we can have confidence that access is only granted where required, and managed in line with L&G’s commitment to Treating Customers Fairly
• Oversee the segregation of duties and toxic combinations controls over the Group Finance applications, ensuring these are integrated to access provisioning processes and implement governance checks for approved combinations and regular review
• Oversee recertification of user access on Group Finance applications, ensure a timelines are in place for regular reviews and provide management Information over the state of recertification and processed access removals
• Maintain a list of non-user IDs such as service accounts and generic IDs (i.e. test accounts), and own the processes to ensure these are only created with the Access Control Teams involvement
• Operate the controls alongside the team. Ensuring the regular control schedule is met
• Governance – Implement control reviews and checks to ensure the controls are being operated correctly and we can have confidence in the control framework and can subsequently prove to internal and external audit our controls are effective
• Provide metrics and reports for Access control activities to the Head of Information Security  in order to measure effectiveness of our controls and identify the risk we carry
• People Management – manage, motivate and develop employees at all levels, in a manner that is consistent with the company’s policies and procedures including the Partnership Agreement, to maximise the performance of the Access Control team

• Appropriate security qualifications and memberships (e.g. BSc/MSc, CISA, CISSP, etc.) are desirable, but not essential, or demonstrable equivalent experience in this field

• Information Security broadly is desirable

• Knowledge of Access Control Security and Control assessments are essential, operation of such control is desirable

• Familiarity of Internationally recognised and formal standards for IT control, Security Risk Management and Security Management Systems, such as ISO2700x, COBIT, COSO, ITIL and NIST Cyber Security Framework is desirable

• Access Control processes

• Leading / running an operational team

• Ticketing systems used in a support function i.e. Remedy, ServiceNow

• Exposure to audit and presentation of evidence

• Practical, common sense delivery of successful, collaborative security solutions

• Experience of leading a small team desirable

Whatever your role, Legal & General rewards ability, performance and attitude with a package that looks after things that matter to you.

Our employees have a wide range of benefits including:

• A generous pension scheme
• Life assurance
• 25 holiday days
• Private medical insurance
• Performance related bonuses
• A variety of share schemes
• Discounts on high street and our own great products

Your hard work will be rewarded when you join us.

Our view is that this role is suitable for agile working. This means we would consider a more flexible working arrangement, where your hours and work location are managed according to business, customer and personal needs’ For this role, you would be based in Hove, but you could work in other Legal and General offices or at home, as necessary, provided this meets business needs. Details of agile working will be discussed during the interview process.

For further information please contact Anastasia Jurcenko on Anastasia.Jurcenko@landg.com.

No agencies.