Cyber Risk Consultant in Stirling

Our purpose is to give everyone real confidence to put their money to work. With a heritage dating back more than 175 years, we have a long history of innovation in savings and investments, combining asset management and insurance expertise to offer a wide range of solutions. Our two distinct operating segments, Asset Management and Life, work together to provide access to balanced, long-term investment and savings solutions.

Overall Job Purpose

The Cyber Risk Consultant reports to the Head of Technology Risk Oversight and is part of M&G’s Second Line of Defence. The role is part of the wider M&G plc Risk & Compliance function, which is responsible for providing independent guidance, advice and insight on risk. The role holder is a subject matter expert in cyber security, who will be providing Second Line oversight across M&G plc, delivering independent evaluation of the strength of first line security controls. The role is also responsible for developing and operating a second line model for overseeing M&G’s cyber capabilities, including providing advice and challenge to the First Line of Defence. The role manages the planning and delivery of Red Team Cyber testing activities, and provides effective end to end stakeholder engagement in relation to the findings made during these tests. The role works in close partnership with stakeholders across the business in Technology, Security, Non-Financial Risk, external suppliers, and with programme leads to ensure effective oversight of cyber risk across M&G plc. The role also supports the wider Non-Financial Risk team by providing specialist advice and expertise on technology and cyber risk.

Responsibilities

• Provide an independent assessment of the design and operating effectiveness of selected first line controls, and deliver a second line view of cyber security events and associated remedial actions.
• Provide second line oversight of cyber security programmes, projects and control improvement initiatives, including the cyber security implications of the use of AI.
• Participate in a programme of deep dive thematic reviews, leading reviews where these relate to cyber.
• Manage the planning, engagement and delivery of Red Team Cyber testing activities with appropriately qualified third party cyber specialists.
• Advise on the design and development of risk appetite statements and metrics for technology and digital risks in relation to cyber.
• Provide second line oversight of the end to end processes for cyber threat intelligence.
• Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk, and contribute to regulatory responses.
• Support First Line delivery of Risk & Control Self Assessments and timely closure of assurance actions.
• Build effective relationships with stakeholders in Technology, Security and business functions as well as collaborating with third parties and business partners.
• Ensure compliance to the people policies, Group Code of Conduct and embedding of desired behaviours, including completion of any mandatory training requirements.
• Work flexibly in support of the wider Risk and Compliance agenda.
• Line manage a Risk professional in the Technology Risk team.

Key Interfaces

• M&G plc Risk and Compliance
• All M&G plc UK Business Areas and Senior Management Teams
• Internal Audit
• External Suppliers and Business Partners
• External Auditors
• Regulators

Experience and Skills

• 10+ years’ experience within financial services or consulting/technology companies in a cyber security or technology risk function, or similar experience. (Essential)
• Significant, broad based knowledge of cyber security practices including risk management principles, architectural requirements, security engineering, threat intelligence, vulnerability management, and incident response. (Essential)
• Excellent stakeholder management skills, with the ability to successfully navigate a complex organisation and build strong relationships with teams across the business. (Essential)
• Experience leading cyber risk reviews and presenting information in a simple and effective way. (Essential)
• Able to deliver clear gap analysis against cyber security policy, standards and technology risk requirements, using industry best practice. (Essential)
• Strong understanding of cyber security products and technologies utilized in Enterprise environments and good knowledge of Cloud, primarily Microsoft Azure.
• Previous experience as part of a security operations or incident response organization would be beneficial.
• Good knowledge of threat modelling techniques with some experience in developing threat models.
• Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity.
• Ability to operate in a diverse and multi-cultural environment with international work or consultancy exposure.
• Curious mindset, strong analytical thinking, gravitas and ability to be pragmatic where appropriate.

Education and Professional Qualifications Preferred

• Graduate/Post-Graduate degree in Engineering, Information Technology or Computer Science
• Relevant Certification in Cyber Security and cloud such as CISSP, CISA, CISM

What we offer:

At M&G, we’re committed to helping you thrive and supporting your wellbeing, both at work and beyond. Our benefits are designed to help you balance your professional and personal life, while planning confidently for your future. Our UK benefits include:

• As a savings and Investments firm we are proud to offer a valuable pension scheme of 18%, with 13% made up of Employer Contributions and 5% Employee Contributions.
• Enjoy 38 days annual leave including bank holidays, with the opportunity to purchase up to 5 extra days and additional flexibility through our Time Off When You Need It policy – to balance your work and personal commitments.
• Our market leading Inspiring Families policy includes comprehensive support and paid parental leave covering maternity, adoption, surrogacy, and paternity leave - as supporting families is a core aspect of our inclusive culture.
• Health & Protection cover including Private Healthcare, Critical Illness cover and Life Assurance for you, with family options - for peace of mind.

We have a diverse workforce and an inclusive culture at M&G, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.

M&G is also proud to be a Disability Confident Leader, and we welcome applications from candidates with long-term health conditions, disabilities, or neuro-divergent conditions. If you need assistance or an alternative means of applying for a role due to a disability or additional need, please let us know by contacting us at: careers@mandg.com