Cyber Risk Consultant

At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.

We will consider flexible working arrangements for any of our roles and also offer work place accommodations to ensure you have what you need to effectively deliver in your role.

Overall Job Purpose

• The Cyber Risk Consultant reports to the Head of Technology Risk and Support Functions Oversight.
• The role is part of the wider M&G plc Risk & Compliance function, which is responsible for providing independent guidance and advice, and delivering insight on risk to support decision making.
• The role holder is a subject matter expert in cyber security, who will be providing oversight across M&G plc, including delivering independent second line evaluation of the strength of first line security controls.
• The role manages the planning and delivery of Red Team Cyber testing activities and provides effective end to end stakeholder engagement in relation to the findings made during these tests.
• The role is also responsible for developing and operating a second line model for delivering oversight of M&G’s cyber capabilities, including for example, cyber threat and incident management capability.
• The role works in close partnership with stakeholders across the business in Technology, Security, Non-Financial Risk, external suppliers, and with programme leads to ensure effective oversight of cyber risk across M&G plc.
• The role also supports the wider Non-Financial Risk team by providing specialist advice and expertise on technology and cyber risk.
  
  

Responsibilities

The role holder will:

• Manage the planning, engagement and delivery of Red Team Cyber testing activities with appropriately qualified third party cyber specialists.
• Assess the effectiveness of first line controls, including the SOC (Security Operation Centre), and provide a second line view of cyber security events and associated remedial actions.
• Provide second line oversight of cyber security risk mitigation programmes, projects and control improvement initiatives, including the use of AI in enhancing cyber security.
• Participate in the annual programme of deep dive and thematic reviews, leading reviews where these relate to cyber.
• Provide actionable feedback to first line based on a risk-based programme of sampling to evaluate the quality of cyber security controls.
• Manage the risk appetite statements for technology and digital risks in relation to cyber, and report performance against them.
• Participate in cyber incident response planning, testing, and execution when required.
• Provide second line oversight of the end to end processes for cyber threat intelligence.
• Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk, and contribute to regulatory responses.
• Support Risk & Control Self Assessments and timely closure of assurance actions.
• Build effective relationships stakeholders in Technology, Security and business functions as well as collaborating with third parties and business partners.
• Ensure compliance to the people policies, Group Code of Conduct and embedding of desired behaviours, including completion of any mandatory training requirements.
• Work flexibly in support of the wider Risk and Compliance agenda.
• Line manage a Risk professional in the Technology Risk team.
  
  

Key Interfaces

Internal:

• M&G plc Risk and Compliance
• All M&G plc UK Business Areas and Senior Management Teams
• Internal Audit
  
  

External:

• External Suppliers and Business Partners
• External Auditors
• Regulators
  
  

Experience And Skills

• 12+ years’ experience within financial services or consulting/technology companies in a cyber security or technology risk function, or similar experience.
• Significant, broad based knowledge of cyber security practices including risk management principles, architectural requirements, security engineering, threat intelligence, vulnerability management, and incident response.
• Excellent stakeholder management skills, with the ability to successfully navigate a complex organisation and build strong relationships with teams across the business.
• Experience leading cyber risk reviews and presenting information in a simple and effective way.
• Experience defining and embedding cyber risk appetite processes.
• Able to deliver clear gap analysis against cyber security policy, standards and technology risk requirements, using industry best practice.
• Strong understanding of cyber security products and technologies utilized in Enterprise environments and good knowledge of Cloud, primarily Microsoft Azure.
• Previous experience as part of a security operations or incident response organization would be beneficial.
• Good knowledge of threat modelling techniques with some experience in developing threat models.
• Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity.
• Ability to operate in a diverse and multi-cultural environment with international work or consultancy exposure.
• Curious mindset, strong analytical thinking, gravitas and ability to be pragmatic where appropriate.
  
  

Education And Professional Qualifications Preferred

• Graduate/Post-Graduate degree in Engineering, Information Technology or Computer Science
• Relevant Certification in Cyber Security and cloud such as CISSP, CISA, CISM
  
  

Experience Level: Manager/Expert

Recruiter: Helen Simons

We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.

M&G is also proud to be a Disability Confident Leader, and we welcome applications from candidates with long-term health conditions, disabilities, or neuro-divergent conditions. Being a Disability Confident Leader means that candidates who meet the minimum criteria of a job, will be offered an interview if they 'opt in' to the scheme when applying.

If you need assistance or an alternative means of applying for a role due to a disability or additional need, please let us know by contacting us at: [email protected]