Cyber Risk Analyst in Edinburgh

Our purpose is to give everyone real confidence to put their money to work. With a heritage dating back more than 175 years, we have a long history of innovation in savings and investments, combining asset management and insurance expertise to offer a wide range of solutions. Our two distinct operating segments, Asset Management and Life, work together to provide access to balanced, long-term investment and savings solutions.

The Cyber Risk Analyst reports to the Lead Cyber Risk Consultant and is part of the Technology Risk Team, which forms part of the Second Line of Defence in the Non-Financial Risk function. The Cyber Risk Analyst will support the Lead Cyber Risk Consultant in providing independent second-line oversight of first-line cyber security across M&G plc. You will be a subject matter expert who:

• Evaluates, challenges and supports first-line with controls across areas such as Threat Intelligence, Vulnerability Management, Security Engineering, Application & Cloud Security, SOC and Security Awareness.
• Plans Red Team testing and manages stakeholder engagement and remediation follow up.
• Plans and can perform (where appropriate) scheduled and ad hoc cyber assurance testing to validate remediation and investigate concerns.
• Provides specialist cyber and technology risk advice to the Non-Financial Risk team.

This role sits within Risk & Compliance and focuses on delivering clear, independent insight to support informed decision-making.

Key Responsibilities

• Provide second-line oversight of first‑line cyber controls, assessing their design, implementation and effectiveness.
• Identify and report cyber risks, supporting formal risk processes (RCSAs, assurance actions) to ensure timely closure.
• Plan and manage second-line red team programmes and where required support regulatory or auditor testing (e.g., CBEST/FCA/PRA) to drive resilience improvements.
• Plan and deliver second-line scheduled and ad‑hoc assurance testing (penetration, red team, vulnerability sampling) to validate first line remediation and control effectiveness.
• Challenge first-line to track and drive remediation of findings from testing, reviews and incidents, ensuring clear remediation plans and closure.
• Analyse first-line cyber processes and technical incident responses to identify gaps, root causes and pragmatic remedial actions.
• Oversee cyber risk mitigation projects and control improvement initiatives to reduce exposure and strengthen defences.
• Communicate risk findings and recommendations clearly to stakeholders, enabling timely, informed decision‑making.

Key Knowledge, Skills & Experience

• Experience in financial services, consulting or technology roles in cyber security or technology risk (essential)
• Broad cyber security expertise: risk management, security architecture, engineering, threat intelligence, vulnerability management and incident response (essential)
• Understanding of second-line assurance: risk taxonomy, appetite, KRIs and controls (essential)
• Experience with red teaming, penetration testing or vulnerability scanning (essential)
• Knowledge of enterprise security products and cloud (primarily Microsoft Azure) (essential)
• Familiar with CI/CD, DevSecOps, SAST/security scanning and Agile ways of working
• Comfortable with risk/issue tracking tools, risk reviews and clear stakeholder reporting
• Able to produce gap analyses against policies/standards using industry best practice
• Experience in SOC or incident response teams
• Excellent report-writing and communication skills
• Knowledge of national/international cybersecurity laws, regulations and ethics relevant to financial services
• Able to work in diverse, multi-cultural teams with international exposure
• Curious, analytical and pragmatic problem-solver

Preferred Education and Professional Qualifications

• Degree (BSc, MSc or equivalent) in Cyber Security, Computer Science, Engineering or a related discipline.
• Relevant certifications in cyber security and cloud: CISSP, CISM, CCSP, OSCP, GPEN, GCIH, GCIA, CPSA, CRT, CCT (or equivalent).

What we offer

At M&G, we’re committed to helping you thrive and supporting your wellbeing, both at work and beyond. Our benefits are designed to help you balance your professional and personal life, while planning confidently for your future. Our UK benefits include:

• A valuable pension scheme of 18%, with 13% made up of Employer Contributions and 5% Employee Contributions.
• Share Save and our Share Incentive Plan, together with access to financial wellbeing and support services.
• 38 days annual leave including bank holidays, with the opportunity to purchase up to 5 extra days and additional flexibility through our Time Off When You Need It policy.
• Comprehensive support and paid parental leave covering maternity, adoption, surrogacy, and paternity leave.
• Health & Protection cover including Private Healthcare, Critical Illness cover and Life Assurance for you, with family options.

We have a diverse workforce and an inclusive culture at M&G, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks. M&G is also proud to be a Disability Confident Leader, and we welcome applications from candidates with long-term health conditions, disabilities, or neuro-divergent conditions.