Job Specifications
At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.
Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity, we are creating an exceptional place to work for exceptional talent.
We will consider flexible working arrangements for any of our roles and also offer workplace accommodations to ensure you have what you need to effectively deliver in your role.
Overall Job Purpose
The Cyber Risk Consultant reports to the Head of Technology Risk and Support Functions Oversight.
The role is part of the wider M&G plc Risk & Compliance function, which is responsible for providing independent guidance and advice, and delivering insight on risk to support decision making.
The role holder is a subject matter expert in cyber security, who will be providing oversight across M&G plc, including delivering independent second line evaluation of the strength of first line security controls.
The role manages the planning and delivery of Red Team Cyber testing activities and provides effective end to end stakeholder engagement in relation to the findings made during these tests.
The role is also responsible for developing and operating a second line model for delivering oversight of M&G's cyber capabilities, including for example, cyber threat and incident management capability.
The role works in close partnership with stakeholders across the business in Technology, Security, Non-Financial Risk, external suppliers, and with programme leads to ensure effective oversight of cyber risk across M&G plc.
The role also supports the wider Non-Financial Risk team by providing specialist advice and expertise on technology and cyber risk.
Responsibilities
The role holder will:
Manage the planning, engagement and delivery of Red Team Cyber testing activities with appropriately qualified third party cyber specialists.
Assess the effectiveness of first line controls, including the SOC (Security Operation Centre), and provide a second line view of cyber security events and associated remedial actions.
Provide second line oversight of cyber security risk mitigation programmes, projects and control improvement initiatives, including the use of AI in enhancing cyber security.
Participate in the annual programme of deep dive and thematic reviews, leading reviews where these relate to cyber.
Provide actionable feedback to first line based on a risk-based programme of sampling to evaluate the quality of cyber security controls.
Manage the risk appetite statements for technology and digital risks in relation to cyber, and report performance against them.
Participate in cyber incident response planning, testing, and execution when required.
Provide second line oversight of the end to end processes for cyber threat intelligence.
Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk, and contribute to regulatory responses.
Support Risk & Control Self Assessments and timely closure of assurance actions.
Build effective relationships with stakeholders in Technology, Security and business functions, as well as collaborating with third parties and business partners.
Ensure compliance with the people policies and Group Code of Conduct and the embedding of desired behaviours, including completion of any mandatory training requirements.
Work flexibly in support of the wider Risk and Compliance agenda.
Line manage a Risk professional in the Technology Risk team.
Key Interfaces
Internal:
M&G plc Risk and Compliance
All M&G plc UK Business Areas and Senior Management Teams
Internal Audit
External:
External Suppliers and Business Partners
External Auditors
Regulators
Experience And Skills
12+ years' experience within financial services or consulting/technology companies in a cyber security or technology risk function, or similar experience.
Significant, broad based knowledge of cyber security practices including risk management principles, architectural requirements, security engineering, threat intelligence, vulnerability management, and incident response.
Excellent stakeholder management skills, with the ability to successfully navigate a complex organisation and build strong relationships with teams across the business.
Experience leading cyber risk reviews and presenting information in a simple and effective way.
Experience defining and embedding cyber risk appetite processes.
Able to deliver clear gap analysis against cyber security policy, standards and technology risk requirements, using industry best practice.
Strong understanding of cyber security products and technologies utilized in Enterprise en
About the Company
M&G plc is a leading international savings and investments business, managing money for around 4.6 million individual clients and more than 900 institutional clients in 38 offices worldwide. As at 31 December 2024, we had £345.9 billion of assets under management and administration. Our purpose is to give everyone real confidence to put their money to work.
With a heritage dating back more than 175 years, M&G plc has a long history of innovation in savings and investments, combining asset management and insurance expertise...