Lead, Security Controls Specialist, IAM in London

We are looking for a dynamic and influential Lead, Security Controls Specialist to lead our Cybersecurity Governance & Audit function with a solid focus on Identity and Access Management (IAM). This is a high-impact role at the intersection of cybersecurity, compliance, and identity governance, ideal for a seasoned professional who thrives in complex, regulated environments.

Responsibilities

• Governance & Compliance
  • Lead the development, implementation, and continuous improvement of cybersecurity governance frameworks, policies, and standards.
  • Ensure alignment with regulatory requirements (e.g., ISO 27001, NIST, GDPR, SOX).
  • Drive policy adoption and compliance across business units and technology teams.
• Audit Management
  • Own the end-to-end process for external cybersecurity and identity-related audits, including planning, coordination, evidence collection, and response to observations.
  • Act as the main point of contact for external auditors, regulators, and third-party assurance teams.
  • Support client audits and due diligence activities by articulating the organisation’s IAM architecture, controls, and operational processes.
  • Review and challenge audit evidence to ensure accuracy, completeness, and relevance.
  • Track and manage audit findings, ensuring timely remediation and closure.
  • Collaborate with internal teams to ensure audit readiness and continuous improvement of control environments.
• IAM Governance
  • Lead the strategic development and continuous improvement of IAM governance frameworks, ensuring alignment with enterprise security architecture and zero trust principles.
  • Define and enforce policies for identity lifecycle management, access provisioning/deprovisioning, and role engineering across hybrid environments (cloud/on-prem).
  • Oversee technical governance of PAM and IGA platforms, including integration with SIEM, ITSM, and HR systems.
  • Drive automation and analytics in IAM processes to improve efficiency, reduce risk, and support audit readiness.
  • Collaborate with IAM engineering and operations teams to ensure secure implementation of access controls, including API-level enforcement and dynamic access policies.
  • Establish and monitor IAM governance KPIs (e.g., access review completion rates, orphaned accounts, SoD violations) and report to senior leadership.
• Risk & Controls
  • Oversee the design and effectiveness of cybersecurity controls across the organisation.
  • Conduct control assessments and gap analyses to identify areas of improvement.
  • Collaborate with internal teams to define and implement risk mitigation strategies.
• Stakeholder Engagement
  • Build strong relationships with internal and external stakeholders, including IT, Legal, Risk, Business Units, clients, auditors, and regulators.
  • Represent the IAM function in external forums, including regulatory reviews, client assurance meetings, and third-party risk assessments.
  • Provide clear, concise, and actionable reporting to senior leadership and governance committees.
  • Educate and influence stakeholders on cybersecurity governance, IAM architecture, and audit readiness.

Required Skills & Experience

• Proven experience (7+ years) in cybersecurity governance, risk, and audit within a complex enterprise environment.
• Strong understanding of audit methodologies and regulatory frameworks (ISO 27001, NIST).
• Deep technical understanding of IAM architecture, protocols (SAML, OAuth, OpenID Connect), and directory services (LDAP, AD, Azure AD).
• Experience designing and implementing scalable IAM solutions in complex, multi-cloud environments.
• Familiarity with identity threat detection and response capabilities.
• Proven ability to translate business requirements into secure and compliant IAM solutions.
• Demonstrated ability to manage external audits and confidently engage with auditors.
• Experience reviewing and challenging technical and procedural evidence.
• Strong knowledge of IAM principles and governance.
• Hands-on experience with PAM solutions (BeyondTrust/CyberArk) and IGA platforms (e.g SailPoint).
• Excellent communication and stakeholder management skills.
• Strong analytical and problem-solving capabilities.
• Relevant certifications (e.g., CISA, CISM, CRISC, CISSP) preferred.

Desirable Attributes

• Strategic thinker with a pragmatic approach to governance and compliance.
• Ability to influence and drive change across diverse teams.
• Comfortable working in high-pressure environments with tight deadlines.
• Experience in regulated industries (e.g., financial services, healthcare, utilities) is a plus.

What We Offer

• Competitive salary and benefits package.
• Opportunity to shape and lead cybersecurity governance in a dynamic organisation.
• Collaborative and inclusive work environment.
• Professional development and certification support.

Join us and be part of a team that values innovation, quality, and continuous improvement. If you're ready to take your career to the next level and make a significant impact, we’d love to hear from you.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law.

You will be part of a collaborative and creative culture where we encourage new ideas. We are committed to sustainability across our global business and we are proud to partner with our customers to help them meet their sustainability objectives.

Our charity, the LSEG Foundation provides charitable grants to community groups that help people access economic opportunities and build a secure future with financial independence. Colleagues can get involved through fundraising and volunteering.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.