Job Description

Role Purpose: Support the wider team with Information Security controls assurance activities and governance of Information Security Standards & Guidelines. Key relationships & committees: Maintain key relationships with Cyber Security stakeholders and second line of defence. Support Business Information Security Officers across different LSEG divisions. Key Responsibilities: Provide support with the execution of risk and controls assessments & other cyber assurance related activities for the Control Assurance and Standards function. Maintain and update the cyber control library ensuring controls and other key attributes of the library are aligned to industry best practice (NIST Cyber Risk Institute Profile). Conduct the assurance of cyber controls with control owners. Support the wider team with testing of security controls, ensuring artefacts and metrics are reviewed to demonstrate controls are designed and operated effectively (DE & OE). Track control deficiencies with control owners through to completion. Update and maintain Cyber Security Standards in line with industry best practice. Ensure the annual review of Cyber Security Standards is completed. Manage internal stakeholder feedback. Support LSEG divisions in maintaining Security certifications (ISO 27001, SOC2) from a Controls and Standards perspective. Assist and support other GRC teams and wider cyber security team to ensure their deliverables are met. Work closely with audit and regulatory teams regarding queries around controls and standards. Perform maturity and gap assessments of cyber controls and standards to industry recognised best practice. Liaise with multiple stakeholders across different business units e.g. BISO\'s, other LSEG legal entities, second and third line of defence ensuring GRC related queries are addressed in a timely manner. Technical/Job Functional Knowledge: Have a good understanding of NIST Cyber Risk Institute Profile, ISO27001, SOC2 and/or ISF Standard of Good Practice. Experience of conducting RCSA/RCA or other cyber control assurance activities. Knowledge of testing controls to determine if they are designed and operating effectively (DE & OE). Be able to challenge control owners, identify control gaps and propose suitable remediation plans. Experience in reviewing Information Security Standards, understanding the hierarchy of policies, standards and guidelines to determine the level of detail which is suitable for each. Although this is not a technical role, you must be able to demonstrate technical competence. Therefore, demonstrate experience of implementing and reviewing cyber controls for Identity & Access Management, Perimeter security, Vulnerability Management, Security Engineering, Security Architecture, Security Operations Centre and Cloud Security. Proficient in Microsoft Office, in particular Excel and PowerPoint. Be able to analyse data and produce reports and metrics. Experience in the use of Cyber GRC platform preferred. Experience in maintaining cyber security certifications (ISO27001 and SOC2). Good understanding of upcoming legal and regulatory requirements affecting Information Security and Technology. Experience in Financial Services or other organisations where mature cyber controls are implemented would be beneficial. Suitable qualifications such as CISSP, CISM, CRISC or MSc in Information Security. Personal Skills and Capabilities: An adaptable team player. As required support other GRC teams or work on ad-hoc projects. This is a role where your peers will be able to support you and likewise you should be able to support them on engagements which cover different GRC domains. Good communication and presentation skills when engaging with clients and other internal stakeholders. This role requires you to regularly interact with 2LoD and different legal entities within LSEG. Be able to work within a global team which is based across multiple locations. A can-do attitude, being able to meet deadlines and prioritise workload. Objective analysis of poorly defined problems Partnership and influence Negotiation management Able to engage with technical stakeholders and discuss technical controls. At LSEG, we believe that creating a diverse and inclusive organisation is fundamental to the way we deliver on our promise of creating essential partnerships and open opportunities. Our open culture is central to how we deliver our purpose - driving financial stability, empowering economies and enabling customers to create sustainable growth - in everything we do. Working with us means that you will be part of a dynamic organisation of 25,000 people across 70 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives. We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone\'s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants\' and employees\' religious practices and beliefs, as well as any mental health or physical disability needs. Please take a moment to read this carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it\'s used for, and how it\'s obtained, . If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.

foundit