Cyber Security Risk & Controls Manager

Full-Time 43200 - 72000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead cyber security risk management and ensure effective controls across L&G.
  • Company: Join Legal & General, a leading UK financial services group with a global impact.
  • Benefits: Enjoy competitive salary, generous holiday, healthcare, and performance-related bonuses.
  • Why this job: Make a real difference in cyber security while shaping the future of finance.
  • Qualifications: Experience in cyber security frameworks and risk management is essential.
  • Other info: Flexible working options and a culture that values diversity and inclusion.

The predicted salary is between 43200 - 72000 £ per year.

Legal & General (L&G) is a leading UK financial services group and major global investor. We’ve been safeguarding people’s financial futures since 1836, and strive to build a better society, while improving the lives of our customers and creating value for shareholders. We are one of the world’s largest asset managers and provide powerful asset origination capabilities. Together, these underpin our retirement and protection solutions: we are an international player in pension risk transfer, in UK and US life insurance, and in UK workplace pensions and retirement income.

Our Group Functions provide the services that all areas of the business need. This requires a talented and diverse team behind the scenes, who enable everyone at L&G to do what they do best. Joining us means helping to improve the lives of our customers and contributing to the success of the business every day.

As a Cyber Security Risk and Controls Manager you will be the subject matter expert for cyber security risk and controls across L&G. This is a key role in the Technical Risk Functional Areas, providing expertise on cyber security related risk matters, staying abreast of emerging threats, vulnerabilities and risks within the Technical Risk Functional Areas. The purpose of the role is to ensure that cyber security controls are designed and operated across L&G in a consistent and effective manner. You will provide proactive challenge, risk and control insight supporting cyber security controls testing, assurance activities and enabling Business Technology Risk Partners with subject matter knowledge on cyber security risks to support the effective management in their business division.

Responsibilities

  • Providing expert guidance on cyber security risk identification, analysis and mitigation to ensure alignment with L&G risk frameworks and evolving threat intelligence.
  • Leading the implementation and continuous improvement of cyber security controls across L&G systems, applications and third parties, to ensure controls remain effective, proportionate and mitigate our key risks.
  • Ensuring compliance with cyber security policies and standards, and regulatory requirements, to ensure L&G and its third parties meet internal and external requirements.
  • Managing, overseeing and providing cyber security subject-matter expertise to controls testing, assurance reviews and preparation for internal or external audits, to ensure controls are appropriately evidenced, tested, and remediated adequately where required.
  • Providing subject matter expertise input into the response and analysis of cyber security or controls failures, to ensure lessons are learned and systemic risks are addressed.
  • Maintaining up-to-date knowledge of cyber and information security and managing the pool of subject-matter experts, to ensure risk and control activities are performed effectively in line with current threats, best practices and regulatory requirements.
  • Providing SME support on IT and change initiatives with respect to delivering improvements to customer support and experience.
  • Managing the team in line with company policies and the Partnership Agreement to consistently achieve business objectives.

Qualifications

  • Strong familiarity with technology and security frameworks such as NIST Cyber Security Framework (CSF), COBIT, ISO27001/2 and COSO.
  • Good understanding of regulatory requirements relevant to financial services (e.g. FCA/PRA regulations, UK GDPR, DORA).
  • Experience designing and/or assuring information technology controls implementation, controls automation, risk frameworks, and audit responses.
  • Exposure to briefing a wide range of audiences (including technical and non-technical at all levels of an organisation) would be a huge plus.
  • Management experience in information technology risk, governance or assurance within a complex, regulated environment.
  • Technology risk and governance related qualifications such as CRISC, CGEIT or CISA would be great.

Benefits

  • The opportunity to participate in our annual, performance-related bonus plan and valuable share schemes.
  • Generous pension contribution.
  • Life assurance.
  • Healthcare Plan (permanent employees only).
  • At least 25 days holiday, plus public holidays, 26 days after 2 years’ service. There’s also the option to buy and sell holiday.
  • Competitive family leave.
  • Participate in our electric car scheme, which offers employees the option to hire a brand-new electric car through tax efficient salary sacrifice (permanent employees only).
  • Many discounts on offer, both for our own products and at a range of high street stores and online.
  • In 2023, some of our workspaces were redesigned. Our offices are great spaces to connect and collaborate and have your wellbeing at the heart.

At L&G, we believe it is possible to generate positive returns today while helping to build a better future for all. If you join us, you’ll be part of a welcoming, inclusive culture, with opportunities to collaborate with people of diverse backgrounds, views, and experiences. Guided by leaders with integrity who care about your future and wellbeing. Empowered through initiatives which support people to develop their careers and excel.

We care passionately about outcomes rather than attendance and are therefore open to discussing all kinds of flexible working options including part-time, term-time and job shares. Although some roles have limited flexibility due to customer demand, we accommodate requests when we can.

It doesn’t matter if you don’t meet every single criterion in this advert. Instead, think about what you excel at and what else you can bring in terms of strengths, potential and connection to our purpose.

Cyber Security Risk & Controls Manager employer: Legal & General

Legal & General (L&G) is an exceptional employer, offering a dynamic work environment where innovation and collaboration thrive. As a Cyber Security Risk & Controls Manager, you will benefit from a generous benefits package, including performance-related bonuses, a robust pension scheme, and flexible working options that prioritise your wellbeing. With a strong commitment to employee growth and a culture that values diversity and inclusion, L&G empowers you to develop your career while making a meaningful impact on the financial futures of our customers.

Contact Detail:

Legal & General Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Cyber Security Risk & Controls Manager

✨Tip Number 1

Network like a pro! Reach out to current employees at L&G on LinkedIn or through mutual connections. Ask them about their experiences and any tips they might have for your application process.

✨Tip Number 2

Prepare for the interview by brushing up on your knowledge of cyber security frameworks like NIST and ISO27001. Be ready to discuss how you've applied these in past roles, as this will show you're the right fit for the Cyber Security Risk & Controls Manager position.

✨Tip Number 3

Showcase your problem-solving skills! During interviews, share specific examples of how you've tackled cyber security challenges in the past. This will demonstrate your expertise and ability to handle the responsibilities of the role.

✨Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining L&G.

We think you need these skills to ace Cyber Security Risk & Controls Manager

Cyber Security Risk Management
Risk Identification and Analysis
Mitigation Strategies
Cyber Security Controls Implementation
Compliance with Regulatory Requirements
Controls Testing and Assurance
Incident Response and Analysis
Knowledge of NIST Cyber Security Framework (CSF)
Understanding of COBIT
ISO27001/2 Familiarity
Regulatory Knowledge (FCA/PRA, UK GDPR, DORA)
Management Experience in IT Risk and Governance
Technology Risk Qualifications (CRISC, CGEIT, CISA)
Communication Skills for Diverse Audiences
Continuous Improvement of Cyber Security Practices

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Cyber Security Risk & Controls Manager role. Highlight your experience with cyber security frameworks and any relevant qualifications. We want to see how your skills align with what we’re looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about cyber security and how your background makes you a great fit for L&G. Don’t forget to mention specific experiences that relate to the job description.

Showcase Your Expertise: In your application, be sure to showcase your knowledge of regulatory requirements and risk management. We’re looking for someone who can provide expert guidance, so let us know how you’ve done this in past roles!

Apply Through Our Website: We encourage you to apply through our website for the best chance of being noticed. It’s super easy, and you’ll be able to keep track of your application status. Plus, we love seeing applications come directly from our site!

How to prepare for a job interview at Legal & General

✨Know Your Cyber Security Frameworks

Familiarise yourself with key frameworks like NIST, COBIT, and ISO27001/2. Be ready to discuss how these frameworks apply to the role and how you've used them in past experiences.

✨Stay Updated on Emerging Threats

Research recent cyber security threats and vulnerabilities relevant to the financial services sector. Being able to discuss current trends will show your proactive approach and expertise in the field.

✨Prepare for Scenario-Based Questions

Expect questions that ask you to analyse a cyber security incident or propose risk mitigation strategies. Practise articulating your thought process clearly and logically, as this will demonstrate your problem-solving skills.

✨Showcase Your Management Experience

If you have management experience, be prepared to discuss how you've led teams in a complex, regulated environment. Highlight specific examples where your leadership made a difference in achieving business objectives.
