At a Glance
- Tasks: Analyse and manage technology risks while collaborating with teams to enhance internal controls.
- Company: Join Legal & General, a leading UK financial services group with a global impact.
- Benefits: Enjoy competitive salary, performance bonuses, healthcare, and generous holiday leave.
- Other info: Dynamic workplace focused on sustainability and employee well-being.
- Why this job: Make a real difference in risk management and contribute to a better society.
- Qualifications: Degree-level education or relevant experience; tech risk certifications are a plus.
The predicted salary is between £55,000 and £65,000 per year.
Legal & General (L&G) is a leading UK financial services group and major global investor. We’ve been safeguarding people’s financial futures since 1836, and strive to build a better society, while improving the lives of our customers and creating value for shareholders. We are one of the world’s largest asset managers and provide powerful asset origination capabilities. Together, these underpin our retirement and protection solutions: we are an international player in pension risk transfer, in UK and US life insurance, and in UK workplace pensions and retirement income. Our Group Functions provide the services that all areas of the business need. This requires a talented and diverse team behind the scenes, who enable everyone at L&G to do what they do best. Joining us means helping to improve the lives of our customers and contributing to the success of the business every day.
We are seeking a Technology Risk and Control Analyst to support the effective management of Information, Technology, and Data risks across L&G. This role will be responsible for analysing and reporting on risk management activities, while partnering closely with First Line of Defence (1LoD) teams, process owners, and control owners. You will provide expert guidance and oversight on the design, implementation, and ongoing effectiveness of the Group’s technology risk and control framework. This includes constructively challenging stakeholders where appropriate to strengthen internal controls, drive timely and proportionate responses to significant control issues and risk events, and enhance data quality to support IT risk management. The scope of the role spans IT, Information Security, Data, and IT Outsourcing risks, as well as emerging technologies such as Artificial Intelligence (AI), alongside programme assurance activities.
What you’ll be doing:
- Supporting the Retail 2LoD IT & IS Risk team in embedding technology policies, standards, and controls consistently across the Group, ensuring effective risk mitigation through accurate, timely metrics and reporting.
- Delivering data-driven deep dives and targeted assurance reviews to assess the design and effectiveness of key technology controls, in collaboration with 1LoD and 1.5LoD teams.
- Providing subject matter expertise on technology risk governance, framework application, and policy interpretation, while promoting a strong culture of security and risk awareness.
- Analysing risk and control data from systems such as OneSumX, ServiceNow, and Prevalent to generate actionable insights and monitor risk exposure against defined tolerances.
- Supporting assurance activities for high-risk technology change programmes, ensuring key risks are identified, understood, and effectively managed throughout delivery.
- Assessing technology-related risk events and control weaknesses, identifying root causes and evaluating remediation actions to drive continuous improvement.
- Producing high-quality risk reporting by collating and synthesising IT and Information Security data for governance forums and committees.
- Collaborating with 1LoD and 1.5LoD stakeholders to gather, validate, and refine inputs, ensuring accurate and impactful risk reporting and informed decision-making.
Who we’re looking for:
- Degree-level education or equivalent relevant professional experience is desirable.
- Professional certifications in technology risk or information security (e.g., CRISC, CISA, CISSP) are advantageous but not essential.
- Strong understanding of technology risk management and control practices.
- Familiarity with recognised technology and security control frameworks (e.g., ISO 27001, COBIT, NIST) is beneficial.
- Experience using data analysis and analytics to produce meaningful insights and reporting.
- Practical experience in risk management across first, second, or third line of defence functions.
- Solid understanding of IT information risk principles, including confidentiality, integrity, availability, and authenticity.
- Demonstrated ability to take ownership of deliverables, collaborate effectively, and influence stakeholders through strong communication and presentation skills.
Whatever your role, we reward performance and behaviour with a package that looks after all the things that are important to you. Here are some of the benefits we offer:
- The opportunity to participate in our annual, performance-related bonus plan and valuable share schemes.
- Life assurance.
- Healthcare Plan (permanent employees only).
- At least 25 days' holiday plus public holidays, rising to 26 days after 2 years’ service. There’s also the option to buy and sell holiday.
- Competitive family leave.
- Participate in our electric car scheme, which offers employees the option to hire a brand-new electric car through tax efficient salary sacrifice (permanent employees only).
- There are many discounts we offer – both for our own products and at a range of high street stores and online.
- We’re creating net‑zero carbon workplaces by 2030 by investing in our sustainable, modern offices across the UK, all designed to bring people together and elevate the in‑person experience.
Technology Risk and Control Analyst employer: Legal & General
Legal & General is an exceptional employer, offering a dynamic work environment in the heart of London where innovation meets tradition. With a strong commitment to employee growth, we provide extensive training opportunities and a culture that values collaboration and diversity. Our comprehensive benefits package, including performance-related bonuses, healthcare plans, and a focus on sustainability, ensures that our employees are well-supported both personally and professionally.