Security Controls Specialist - London Stock Exchange Group

Are you a top-tier Cyber Security specialist and want to use your expertise to help safeguard the infrastructure that powers global financial markets? We are seeking a Cyber Security Controls Specialist to work within the engineering team. This role is important in ensuring that our controls are well-understood, effectively implemented, and accurately represented during internal and external audits and assessments. The ideal candidate will bring a strong blend of technical expertise, audit experience, and risk management knowledge. You will be the lead in representing technical controls to auditors, translating sophisticated security controls into clear, auditable evidence and narratives. You will help the teams in ensuring robust evidence exists to support control design and operation on an ongoing basis.

Key Responsibilities

• Control Testing & Validation: Conduct proactive internal control assessment activities to validate the effectiveness of controls and identify areas for improvement for the team. Ensuring controls are accurately documented, maintained and with the correct measurements in place to simplify audit and assessment activities.
• Audit & Assessment: Lead the team response to audits, regulatory, customer assessments, and compliance reviews by representing and providing clear, concise, and technically accurate evidence and explanations. A key outcome is servicing multiple concurrent audit and assessment activities through standardised processes and evidence.
• Technical Translation: Translate sophisticated technical security concepts and measures into plain-friendly language appropriate for collaborators, auditors, and risk managers.
• Risk Management: Collaborate with teams to ensure cyber risks are appropriately identified, assessed, accurately recorded and mitigated through effective control design and operation.
• Continuous Improvement: Identify gaps or weaknesses in existing controls and related documentation and recommend improvements by working closely with the control owners. Being technical, you have the ability to not only understand how security controls work but to influence how they’re designed, implemented, and measured in conjunction with the team.

Required Qualifications & Experience

• Audit & Controls Experience: Proven experience working in a technical audit role assessing controls in highly regulated global organisations. Has comprehensive understanding of control evidencing and appropriate robust measures.
• Technical Cyber Security Expertise: Strong understanding of common security technologies, security threats, security frameworks, foundational technologies such as cloud and associated processes. Practical experience of providing guidance and support to first line of defence technical engineering teams in uplifting control related evidence and measures. Demonstration of continuous learning to expand technical understanding of controls to a comprehensive level.
• Communication Skills: Outstanding ability to communicate technical concepts to non-technical audiences, including auditors, senior management, and business partners. Comfortable in questioning and challenging assertions when the facts, metrics and anecdotes differ.
• Risk Management: Solid understanding of risk management principles and how they apply to cyber security controls and governance. Experience of transforming risk conversations from theoretical to actionable, challenge assumptions, and bridge the gap between policy and practice. Experience of working in common GRC tooling platforms to capture and handle issues and risks.
• Continuous Control Monitoring & Automation (Preferred): Experienced in automating controls monitoring, analysis and evidence collection to simplify assurance processes.
• Certifications (Preferred): CISSP, CISA, CRISC or similar, and technical security certifications are highly desirable.

What you’ll get in return

We recognise that to attract the best talent, we need to be flexible, and we are open to discussing work arrangements with you. We take a hybrid approach to the workplace; this role is hybrid/digital first. As a global business, we rely on diversity of culture and thought to deliver on our goals. People are at the heart of what we do and drive the success of our business. Our colleagues thrive personally and professionally through our shared values of Integrity, Partnership, Innovation and Excellence which are at the core of our culture. We embrace diversity and actively seek to attract people with unique backgrounds and perspectives. We are always looking at ways to become more agile, so we meet the needs of our teams and customers. We believe that an inclusive collaborative workplace is pivotal to our success and supports the potential and growth of all colleagues at LSEG.

Career Stage & Information

Career Stage: Manager

London Stock Exchange Group (LSEG) Information: Join us and be part of a team that values innovation, quality, and continuous improvement. If you’re ready to take your career to the next level and make a significant impact, we’d love to hear from you. LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and guide our decision making and everyday actions. We are 25,000 people across 65 countries and are committed to diversity and inclusion. We are an equal opportunities employer. This means we do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. We can reasonably accommodate applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs.