Job Description
As a Cyber Security Risk and Controls Analyst you will support the execution and continuous improvement of risk and control activities within the first-line Global Cyber Security Risk and Controls Function. The role works closely with control owners, product teams, and risk partners to help ensure that risks are effectively identified, assessed, managed, and reported across areas such as third-party risks specific to technology, cyber security and information technology risk.

The Cyber Security Risk and Controls Analyst provides hands-on support in the maintenance and assurance of controls, issue tracking, evidence gathering, and risk reporting. It drives control effectiveness, policy compliance and effective risk management across L&G globally.

What you'll be doing:
- Maintaining and monitoring key cyber security controls to ensure control performance is effective and appropriately evidenced for compliance, audit and assurance purposes
- Supporting the identification, management and closure of cyber security issues, audit actions and remediation plans to ensure timely resolution and control improvements
- Contributing to cyber security risk and control self-assessments (RCSAs), supplier assessments or thematic reviews to ensure accurate identification of control weaknesses, exposures and required enhancements
- Assisting in the application of cyber security policies, standards and regulatory requirements across global technology teams to ensure appropriate alignment, awareness and compliance across teams
- Undertaking cyber security controls testing, assurance reviews and preparation for internal or external audits to ensure that evidence is complete, timely and meets defined control objectives
- Working closely with technology teams, Business Technology Risk Partners and subject matter experts to ensure a shared understanding of effective cyber security risk management processes and supporting the embedding of strong risk culture
- Maintaining and sharing up-to-date knowledge of the specialist cyber security domain to ensure risk and control activities reflect current threats, best practices and regulatory requirements
- Providing SME support on IT and change initiatives with respect to delivering improvements to customer support and experience
Qualifications

Who we're looking for:
- Familiarity with security frameworks such as NIST Cyber Security Framework (CSF), COBIT, ISO27001/2 and COSO
- Understanding of regulatory requirements relevant to financial services (e.g. FCA/PRA regulations, UK GDPR, DORA)
- Ability to interact with cyber security stakeholders, product owners and technical operational roles
- Experience in cyber security risk, governance or assurance within a complex, regulated environment
- Experience testing and assuring cyber security controls implementation, controls automation, risk frameworks, and audit responses across cyber security
- Cyber security related qualifications such as CISM or CISSP would also be a plus