Senior Manager, Business Information Security

Full Time Finance

Job Description

Key accountabilities:

Reviewing and assessing the information security and cyber controls that enables FTSE Russell to conduct its business in a secure manner, and gap analysis of the same and the oversight of InfoSec/Cyber related control gap/risk remediation activities

Lead and analyse the information security roadmaps, strategies, programmes, and projects within FTSE Russell, and identifying and reporting risks, trends and future opportunities for improvement and enhancement and proactively engaging and working closely with the technology and cyber teams !

Provide updates to the FTSE Russell management from the three lines of defence regarding the delivery and progress of the various strategic cyber initiatives and broader cyber programme within LSEG.

Engaging with external third parties who provide services to FTSE Russell and working closely with the established internal third-party oversight functions to ensure appropriate and contracted levels of security are met.

Establish and maintain a Cyber Risk Profile of FTSE Russell in line with other areas of LSEG and Assist with the establishment towards maintenance of a Risk Control Assessment (RCA) that focuses on InfoSec/Cyber risks and associated controls, etc.

Drive established key performance including executive level presentation materials and key risk indicators and ensuring that all management information (MI) is an accurate reflection of the current control’s estate.

Assessing the security architecture solution designs and risk position of projects and initiatives undertaken by FTSE Russell and working closely with associated SMEs and design authorities to ensure projects are delivered in compliance with Policies and Standards, and with security design principles considered/implemented as key success results.

Develop business goals and operational risks, Identifying key areas for improvement and support the risk management decision processes and risk forums/committees

Assisting with the identification of emerging information and cyber security threats to the business, and the subsequent analysis to realise and lead all aspects of risk mitigation plans and build positive relationships within the business to gain an understanding of security-related business risks !!

Work closely with governance stakeholders in the 1st, 2nd, and 3rd lines of defence on all matters relating to information security, cyber risk, data privacy, including all regulatory and legislative considerations.

Constructively and pragmatically challenging established controls to ensure, recommend, and accommodate continuous improvement, ensuring management to understand their responsibilities in relation to security risk mitigation and remediation.

Monitor industry information security trends and keep the business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions.

Review and document the technologies and security controls across the firm, including areas such as office spaces, data centres and cloud.

Implement and conclude the security controls maturity assessments against industry standards such as the NIST Cyber Security Framework, ISO27001/2, SOC2, etc

Review and appropriate response to regulatory and legislative matters and produce and present risks and risk postures / cyber maturity to senior/executive bodies.

Build knowledge of business units by assisting them with their security workloads, agendas, and difficulties and Maintain the balanced relationship with risk, compliance, legal, human resources, and internal and external audit functions.

Key Skills

Knowledge of technology, security, and threat landscapes:

Staying abreast of emerging technologies, including all security technologies,

Sustaining a deep and in-depth knowledge of the cyber threat landscape,

Maintain and constantly enriching knowledge of information security and cyber risks as they develop,

Being able to propose and explain appropriate cyber risk counter measures clearly and concisely.

Remaining informed and knowledgeable on primary global data protection regulations and legislation

Proven track record in senior InfoSec management roles including presentations to Boards and Regulatory engagement.

Extensive previous exposure to FS or FMI industry organisations

High performance in problem solving, innovating and critical thinking

Excellent written/verbal communication and stakeholder leadership skills

Ability to clearly articulate ideas to both technical and non-technical audiences

Must be capable of working pragmatically and efficiently in both a team and alone

Able to prioritise efficiently and appropriately with minimal supervision

Able to work in fast paced, high-volume workload environment, prioritising accordingly

Desirable & Advantageous Certifications:

CISSP-ISSAP, CISSP-ISSEP, CISM, CCSP, CCSK, CEH

ISO27K, ISF SOGP, NIST CSF, CIS, CSA STAR, CBEST, TIBER-EU, SOC2

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.