AVP - Cyber Risk Oversight

Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.

As oversight consultant specializing in Cyber Security, you will be responsible for assessing the security posture / risk of our organization’s on-premise & cloud-based infrastructure and applications. Your primary objective is to identify vulnerabilities, assess risks, and provide recommendations to enhance the security posture of our cloud environment.

Key Responsibilities :

• Develop and maintain high level Cyber Risk policy, embedding relevant Group, regulatory and industry good practice requirements
• Manage the risk appetite statements for technology and digital risks in relation to cyber and provide reporting to the Risk committee of performance against these statements sampling
• Oversee and guide Cyber Risk mitigation projects and controls improvement initiatives. Lead and manage enterprise wide Red / Blue / Purple teaming activities and provide oversight for regulatory testing like CBEST / FCA Audits.
• Assess the effectiveness of processes and internal controls implemented by the first line and infrastructure functions through a programme of a sampling to evaluate their quality and associated documentation, and feedback for action
• Cloud Security Assessment : Oversight of cloud security and services, including AWS, Azure, GCP, or other cloud providers.
• Participate in cyber incident response planning, testing, and execution when invoked to support a real incident
• Participate in the annual programme of deep dive and thematic reviews, leading reviews where these relate to cyber across all business areas and outsourced service providers as may be required
• Assess first line processes and technical analysis of cyber security events and root cause as well as remedial solutions, and provide a second line view on their effectiveness
• Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk and contribute to regulatory enquiries on the same.
• Oversee the identification, assessment, processing, analysis, and reporting of tactical and strategic threat intelligence to assist in decision making and actively thwart emergent and current threats targeting our organisation.

We have a diverse workforce and an inclusive culture at M&G Global Services, regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.