Information Security Risk Lead - Group Technology Risk

Legal & General is a leading UK financial services group and major global investor. We’ve been safeguarding people’s financial futures since 1836, aiming to build a better society for the long term by investing our customers’ money in things that make life better for everyone and create value for our shareholders.

Our Group Functions provide the services that all areas of the business need. This requires a talented and diverse team behind the scenes, who enable everyone at L&G to do what they do best. 

Joining us means helping to improve the lives of our customers and contributing to the success of the business every day.

We’re looking for an Information Security Risk Lead to join us in either London, Hove or Cardiff!

You’ll play a key role in overseeing technology and Information Security risk across our Group CTO and Group CISO teams to ensure relevant risks are being identified, well understood, and managed within agreed risk appetite. In addition to this, you’ll also act as an SME to assess the adequacy of plans that are in place to address any identified gaps, ensuring that the appropriate Executive and Board focus is achieved.

What you'll be doing:

• Engaging with the Group CISO 1LoD Information Security teams to provide oversight, challenge, support and advice in relation to Cyber (Information Security) risk. Providing advice and support to the Group Head of Technology & Information Security and Group CTO Risk Partner to direct an overall Information Security Risk policy
• Undertaking assurance of 1st line management actions to manage Information Security risk, working closely with Group CISO, and divisional Technology Risk Partners and Group Internal Audit, including supporting the delivery of the Technology and Information Security Risk and Control Self Assessments (RCSA), acting as centre of excellence for Information Security Risk where required
• Supporting the development of policy and governance for the oversight and reporting of Information Security risk, including ensuring that the risk is appropriately covered and reported at relevant group oversight and governance committees
• Providing Information Security opinions on the management of Cyber (Information Security) Risk as an SME area and working with 1LoD teams to oversee the effectiveness of the Cyber and Information Security Framework and Taxonomy
• Providing input and leadership into the Group Technology & Data Risk Centre of Excellence supporting an aggregate view of Cyber (information security), working closely with the Group CISO, divisional Technology Risk Partners and divisional Information Security Managers to ensure that risk relating to Cyber (information security) risk is understood, managed and reported
• Staying abreast of changes and challenges related to emerging technologies, including industry trends and standards, and championing the communication of key risk issues and educating the technology and risk communities on the industry landscape
• Ensuring that the principles of Conduct Risk are always embedded into day-to-day operations to deliver good customer outcomes, ensuring that all business processes and internal controls within the role are designed and performed in a way that delivers good customer outcomes and demonstrates effective management of Conduct Risk
• Ensuring that the appropriate process, systems, and controls are in place, and that relevant resilience risks and issues are identified and escalated in Group Risk

Who we're looking for:

• Strong knowledge of Information/Cyber Security and IT
• A broad knowledge of range of recognised information security standards and technical frameworks (e.g., ISO 27001, NIST CSF, SOC-2 attestation, PCI DSS, CoBIT)
• A practical understanding of general security practices such as encryption, IAM, security information and event management etc. and supporting technologies
• A good understanding of IT Information risks, including confidentiality, integrity, availability, availability, authenticity
• You’ll also have experience of working in a regulated environment, including the 3 lines of defence risk management model
• Strong interpersonal skills with the ability to collaborate with a variety of colleagues across different seniority levels

Whatever your role, we reward performance and behaviour with a package that looks after all the things that are important to you. Here are some of the benefits we offer: 

• The opportunity to participate in our annual, performance-related bonus plan and valuable share schemes  
• Generous pension contribution  
• Life assurance   
• Private medical insurance (permanent employees only) 
• At least 25 days holiday, plus public holidays, 26 days after 2 years’ service. There’s also the option to buy and sell holiday 
• Competitive family leave 
• Participate in our electric car scheme, which offers employees the option to hire a brand-new electric car through tax efficient salary sacrifice 
• There are the many discounts we offer – both for our own products and at a range of high street stores and online   
• In 2023, some of our workspaces were redesigned. Our offices are great spaces to connect and collaborate and have your wellbeing at the heart

Legal & General is a leading financial services group and major global investor, named Britain’s Most Admired Company in 2023, for the second year running. Rated top in our sector and top for inspirational leadership, we have a strong heritage and an exciting future.

We aim to build a better society for the long term by investing our customers’ money in things that make life better for everyone.

If you join us, you’ll be part of a welcoming culture, with opportunities to collaborate with people of diverse backgrounds, views and experiences. Guided by leaders with integrity who care about your future and wellbeing. Empowered through initiatives which support people to develop their careers and excel.

We strive to be open, mindful and inclusive, so are always willing to discussing flexible working arrangements and reasonable accommodations for candidates with specific needs.

If you’re open to find out more, we'd love to hear from you.