Cyber Risk Consultant

At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.

We will consider flexible working arrangements for any of our roles and also offer work place accommodations to ensure you have what you need to effectively deliver in your role.

Overall Job Purpose
- The M&G plc Risk & Compliance function, within the second line of defence, is responsible for effectively advising and challenging key stakeholders, challenging risks effectively and proactively, and adding value through providing enhanced business insights to ensure that risk is managed in line with the expectations of clients, shareholders and regulators, and to support the delivery of customers’ long term needs.
- The Cyber Risk Oversight VP reports to the Head of Technology Risk and Support Functions Oversight, M&G plc, and to the Director of Risk and Compliance, M&G Global.
- This role is primarily responsible for providing oversight of cyber security risk across M&G plc, including delivering a second line evaluation of the strength of first line security measures and controls.
- The role manages the planning and delivery of Red Team Cyber testing activities by qualified third parties, and provides effective end to end stakeholder engagement in relation to the findings made during these tests.
- The role is also responsible for developing and operating a second line model for delivering oversight of M&G’s cyber threat intelligence capability and techniques.
- The role works in close partnership with stakeholders across the business in Technology, Security, Non-Financial Risk, external suppliers and with programme leads to ensure effective oversight of cyber risk across M&G plc.
- The role leads on facilitating the risk appetite statements relating to cyber security risks
- The role also supports the delivery of wider Risk and Compliance projects, strategic and management activities, business development and digital initiatives.

Responsibilities

The key responsibilities of this role are to support the delivery of the Technology Risk team’s objectives to support the embedding of the technology risk framework across M&G plc in relation to cyber security risk, and to provide consolidated risk analysis and information for Senior Management as required. The role is required to:

- Manage the planning, engagement and delivery of Red Team Cyber testing activities with appropriately qualified third party cyber specialists.
- Oversee and guide cyber security risk mitigation programmes, projects and control improvement initiatives, including the use of AI in enhancing cyber security.
- Assess first line processes and technical analysis of cyber security events and root cause, as well as remedial solutions, and provide a second line view on their effectiveness.
- Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk and contribute to regulatory enquiries.
- Assess the effectiveness of processes and internal controls implemented by the first line, including the Security Operations Centre (SOC) and infrastructure functions, through a programme of a sampling to evaluate their quality and associated documentation, and provide feedback for action.
- Work closely with existing IT, security and business functions as well as collaborating with third parties and business partners, both to receive input and to provide practical and actionable intelligence.
- Nurture strong working relationships with stakeholders at functional levels.
- Manage the risk appetite statements for technology and digital risks in relation to cyber and provide reporting of performance against these statements using sampling methods.
- Develop and maintain high level Cyber Risk policy, embedding relevant Group, regulatory and industry good practice requirements.
- Participate in cyber incident response planning, testing, and execution when required.
- Participate in the annual programme of deep dive and thematic reviews, leading reviews where these relate to cyber across all business areas and outsourced service providers as may be required.
- Oversee the identification, assessment, processing, analysis, and reporting of tactical and strategic threat intelligence to assist in decision making and actively thwart emergent and current threats targeting our organisation.
- Contribute to the continuous improvement of the Technology Risk function.
- Identify and lead digital initiatives that deliver efficiencies and imp