At a Glance
- Tasks: Lead information security strategy and drive a culture of security across the firm.
- Company: Join Man Group, a global leader in alternative investment management.
- Benefits: Enjoy competitive pay, comprehensive benefits, and a focus on work-life balance.
- Other info: Embrace a culture of inclusion and growth with excellent career development opportunities.
- Why this job: Make a real impact by shaping security practices in a dynamic environment.
- Qualifications: Proven experience in senior information security roles and strong leadership skills.
The predicted salary is between 100000 - 150000 £ per year.
Man Group is a global alternative investment management firm focused on pursuing outperformance for sophisticated clients via our Systematic, Discretionary and Solutions offerings. Powered by talent and advanced technology, our single and multi-manager investment strategies are underpinned by deep research and span public and private markets, across all major asset classes, with a significant focus on alternatives. Man Group takes a partnership approach to working with clients, establishing deep connections and creating tailored solutions to meet their investment goals and those of the millions of retirees and savers they represent.
Headquartered in London, we manage $228.7 billion and operate across multiple offices globally. Man Group plc is listed on the London Stock Exchange under the ticker EMG.LN and is a constituent of the FTSE 250 Index.
Role Overview
We are looking for a CISO to take full ownership of information security and identity & access management at Man Group. This is a leadership role that is as much about driving change across the firm as it is about running the security function. They will set standards, influence behaviour, embed security into business processes, and work with departments across the organisation to raise the bar on how Man Group manages risk.
A Deputy CISO will own day-to-day security operations and policy, allowing the CISO to focus on identity transformation, standards, governance, and driving security culture firm-wide.
Reporting to the Head of Enterprise Risk, the CISO will be responsible for overseeing the Identity and Access Management (IAM) Programme, IAM BAU, and Information Security.
Role Responsibilities
- Own the information security strategy, aligning security investment to the firm’s risk appetite
- Drive security culture and awareness across the firm through training, engagement, and communications
- Set and enforce security standards across technology, operations, and business departments, not just within Information Security
- Work with teams across the organisation to understand existing processes and embed secure access into existing systems
- Enable the safe adoption of AI and emerging technologies by defining practical security guardrails
- Own the Information Security and IAM Risks and Controls Self-Assessment (RCSA), ensuring that risks are identified, controls are documented and remediation is tracked
Identity & Access Management
- Own the IAM strategy and transformation roadmap, driving the migration from legacy provisioning to a modern, governed identity platform
- Directly oversee the identity governance implementation, including application onboarding, lifecycle automation, access controls and defining central APIs
- Remediate audit findings related to identity and access management
Governance & Reporting
- Chair the Information Security Steering Committee
- Present security posture, risk, and programme updates to boards and the Risk and Finance Committee
- Provide oversight of third-party risk management in coordination with the dedicated TPRM team
- Adopt a builder mindset, comfortable with balancing competing priorities
- Have a strong understanding of technical security implementations, trade-offs, APIs and architectural design patterns and a working understanding of modern open-source based application design
- Demonstrate experience in a senior information security role, ready to step into a full CISO mandate
- Prove ability to drive change outside of a direct reporting line, influencing technology, operations, and business teams to adopt security standards
- Communicate effectively, comfortable presenting to boards and equally comfortable in a technical design review
Advanced Skills & Experience (Advantageous)
- CISSP certification
- Experience with identity governance platforms and large-scale IAM transformation programmes
- Familiarity with infrastructure-as-code environments (Terraform, GitOps workflows)
- Experience with hybrid identity environments (Active Directory, Entra ID, SSO platforms)
- Experience defining security frameworks for emerging technology enablement
- Background in a regulated industry with appreciation for governance, operational, and compliance requirements
- Experience with cloud platforms (e.g., Azure or AWS) and containerization (e.g., Docker, Kubernetes)
Inclusion, Work-Life Balance and Benefits
We champion equality of opportunity and encourage all to thrive in a workplace where inclusion is fundamental. You will find opportunities to grow, develop your talents, and help foster an inclusive environment for all across our firm and industry.
We offer a comprehensive benefits package, including competitive holiday entitlements, pension/401k, life and long-term disability coverage, group sick pay, enhanced parental leave and long-service leave. Depending on your location, additional benefits such as private medical coverage, discounted gym membership options and pet insurance may also be available.
Equal Employment Opportunity Policy
Man Group provides equal employment opportunities to all applicants and all employees without regard to race, color, creed, national origin, ancestry, religion, disability, sex, gender identity and expression, marital status, sexual orientation, military or veteran status, age or any other legally protected category or status in accordance with applicable federal, state and local laws.
Man Group is a Disability Confident Committed employer; if you require help or information on reasonable adjustments as you apply for roles with us, please contact TalentAcquisition@man.com.
StudySmarter Expert Advice🤫
We think this is how you could land Chief Information Security Officer in City of London
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Man Group, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Man Group
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Man Group. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Chief Information Security Officer in City of London
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Man Group insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Man Group that you’re committed to staying ahead in the game.
How to prepare for a job interview at Man Group
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Man Group to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Man Group.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.