Reporting to the Chief Information Security Officer, the role of the Senior Information Security Officer is to support him/her in providing oversight of all IT, Information and Cyber Security activities and issues for the Group. The role is part of a small team established under the CISO to deliver second line of defence guidance and oversight.

Specifically this role will deliver second line leadership regarding architecture, engineering, operation and incident management. It will also develop technology cyber security strategy for the Group. The role will establish a mature and systematic approach to security, based on internationally recognised standard frameworks relevant to the Group, including ISO 27001 and NIST, as well as relevant technology standards.

Principle Accountabilities:

Security Leadership

Security Planning

Strategy Development & Oversight

Security Architecture

Security Technical Analysis

Security Delivery Oversight

Threat Intelligence & Trends

Incident Management

Monitoring and Due Diligence

Relationship Management

Qualifications:

Appropriate security qualifications and memberships (e.g. ISO27001, CISSP, CISM, etc.) are desirable. In order to demonstrate the analytical and communications skills required to perform the role it is anticipated that the role holder will be educated to degree level or have acquired relevant work experience

Knowledge:

• Information and IT Security broadly, including in-depth knowledge and practice of security architecture development, security threat technical analysis, security solutions evaluation and selection, security solutions engineering and front-line security operations
• International de facto and formal standards for IT control and Security Management Systems, including ISO2700x, COBIT, COSO, ITIL and NIST Cyber Security Framework
• The UK financial services regulatory environment and experience of regulatory inspections and surveys is desirable
• Detailed knowledge of principal technical IT and security standards, including encryption standards, IETF RFCs for security functions, etc. is essential
• In depth understanding of trends in security threats, analysis of major publicised incidents and IT trends as they relate to security threats is essential
• Detailed understanding of the implementation and operation of key security technologies, including anti-malware (simple and advanced), network perimeter and firewall, monitoring, encryption, intrusion detection, behavioural analysis, information protection, authentication, identity management and security testing.
• Structured approaches to incident and crisis management – experience of contributing to major security incident management is desirable

Experience:

• Coordination of IT and Information Security stakeholders in a complex organisation
• Working in or with security infrastructure and/or security operational functions
• Building successful working relationships and team dynamics in a matrix environment
• Practical, common sense delivery of successful, collaborative security solutions
• Defining and implementing security strategies in a federated environment
• Solving complex security problems
• Working with large scale IT outsourcing, including use of Cloud services.

Whatever your role, we reward ability, performance and attitude with a package that looks after all the things that are important to you. Our employees have a wide range of benefits including a generous pension scheme, life assurance, 30 days' holiday, private medical insurance, performance related bonuses, discounts at both a huge range of high street stores and our own great products, as well as a 12% car allowance scheme, your hard work will be rewarded when you join us.

Our view is that this role is suitable for agile working. This means we would consider a more flexible working arrangement, where your hours and work location are managed according to business, customer and personal needs. For this role, you would be based in London, but you could work in other Legal & General offices or at home, as necessary, provided this meets business needs. Details of agile working will be discussed during the interview process.

For further information about the role, please contact Lynn Morriss, UK Resourcing Lead, at lynn.morriss@landg.com