Head of Business Operations Management - CISO

Job content

At M&GPrudential our vision is: to become the best loved and most successful savings and investment businessand we’re looking for people who are excited about joining us on our journey. We’re digitally transforming and investing heavily in technology and innovation to develop new and improved customer propositions that really raise the bar for our customers. To help us achieve our vision we’re looking for exceptional people who live our values and behaviours and who can inspire others; embrace change; deliver results and keep it simple.

What you can expect from us:

We are committed to creating an environment where you can be exceptional at all you do. To help us deliver this, we promise to:

• Challenge Your Limits by creating a stimulating working environment and providing opportunities for you to be involved in meaningful and challenging work
• Support Your Aspirations with a commitment to learning and development that helps you achieve and build your experience with people who want you to succeed
• Value Your Inputwhereby leaders and managers will involve you in key decisions, listen to your thoughts and recognise the important contribution you make
• Balance Your Life through a work life partnership that focuses on making this an inclusive, diverse and friendly place to work and offers the flexibility and support that enables everyone to be at their best

The Role:


M&G Prudential’s Enterprise Security function delivers a comprehensive range of security services, supporting the M&G Prudential business vision by protecting our customers and enabling our business to embrace a digital future with confidence. A significant programme of security enhancements is currently underway, making this an exciting time to join us and help shape the future security service offering.

The Head of Business Operations Management – CISO is a key role with responsibility for all business management activity across the Enterprise Security function. As well as driving rigour and discipline in operational management upon all aspects of the Enterprise Security function across BAU, the role-holder will oversee development of the cyber strategy, and engage with change activities impacting / requiring input from the Enterprise Security function.

The role-holder:

• Is accountable for delivery of effective business management for Enterprise Security, including financial, resource and vendor management.
• Is accountable for development and delivery of robust Security KPIs for the M&G Prudential business.
• Will collaborate with the CISO, pillar leads across Enterprise Security and the Security Architecture function to maintain an ongoing Cyber Strategy to align with business objectives
• Will ensure that IT risk and security impacts of business change initiatives are understood and that Enterprise Security is engaged appropriately in delivery of change

Key Responsibilities:

Business Management
• Oversee management of Enterprise Security budget in line with Finance requirements, driving rigour and discipline in financial management across the function.
• Ensure security expenditure is justified, aligned with strategic requirements and delivers value for money. Drive and deliver cost management initiatives
• Deliver People agenda within Enterprise Security function, including oversight of objective setting, performance management, succession planning, and resource supply and demand.
• Oversee Business Supplier Management responsibilities in respect of 3rd party contracts owned by CISO function, including commercial, relationship and risk management.

Cyber Strategy
• Maintain a clear landscape of the security threats and risks facing the M&G Prudential organisation and clearly articulate these risks in business terms to a wide variety of senior executive stakeholders.
• Collaborate with business and technology architecture functions to develop and maintain a comprehensive M&G Prudential Cyber strategy which sets a clear direction to a desired end state.
• Maintain a Security Operating Model which effectively implements the Cyber strategy and enables the Enterprise Security organisation to meet its strategic security commitments to the M&G Prudential organisation / key stakeholders /customers.
• Partner closely with Security Architecture to ensure alignment between security control frameworks, deployed technologies, and desired vs achieved outcomes
• Monitor new security programmes and strategies and maintain alignment with business objectives.

Change engagement and delivery
• Oversee an Enterprise Security engagement function that ensures IT risk and security impacts of business change initiatives are understood and that Enterprise Security is engaged appropriately in delivery of change.
• Support the increased alignment of development and operations teams ensuring that Security is built in upfront through established and pre-defined patterns and platforms.
• Operate a Security PMO to manage Security-led change initiatives.

Leadership
• As a member of the CISO Leadership Team, contribute to the overall strategic and operational management of Enterprise Security and its leadership, as required.
• Act as subject matter expert for Security matters; educating colleagues, sharing knowledge and embedding good practice for the benefit of M&G Prudential.

Team Management
• Oversee the management of the CISO Office team, including daily and ad-hoc activities for which the team is responsible.
• Develop the team’s capabilities through appropriate levels of mentoring and training
• Attract and retain cyber talent and expertise.

Stakeholder Management
• Manage significant interdependencies, collaboration and stakeholder management across the M&G Prudential organisation, managing complex relationships
• Build and maintain an active network of contacts, both internally in the M&G Prudential organisation, and externally in the security industry, actively participating in information exchanges on a formal and informal basis.
• Represent the Enterprise Security function at security and governance committees as required
• Build strong relationships within Enterprise Security, ensuring that strong business management disciplines are embedded into the wider security operational capability.
• Engage proactively with key business stakeholders internally and with outsourcers, to ensure ongoing operational and strategic alignment.

Pursuing Goals
• Seeks learning opportunities beyond current requirements.
• Sets challenging goals and standards of excellence beyond current job.
• Actively pursues personal and technical self-development, and seeks challenging assignments.

You will have:

Personal skills

• Collegiate and skilled relationship management across multiple stakeholders and cultures
• Analytical mindset – to critically analyse plans and highlight critical paths, risks and gaps
• Strong influencing skills – to effectively drive the leadership team and delivery leads
• Compelling communication skills – to connect with technical teams in the detail as well as senior stakeholders in clarity of status
• Strong teaming skills – building a mutual beneficial relationship and developing a culture
of “one team with common aligned goals”
• Effective coaching and empowering skills – strengthening the capabilities of the technical delivery teams and stretch them individually and collectively.

Experience/Capability skills:

• Strong experience of operational management in a large corporate environment.
• Leadership experience with an IT security remit in a medium/large corporate
• Demonstrable expertise and up to date knowledge of information security; threats and technology developments and implementation of new technology solutions
• Experience of setting information security strategy in a changing environment
• Understanding of the regulatory regimes pertaining to the organisation and our business unit customers
• Experience of working with executive level stakeholders

You will have:

• Strong operational delivery capability, internally and via 3rd party providers
• Strategic vision to provide leadership and direction to develop a Cyber Strategy aligned to business objectives
• Significant collaboration and stakeholder management across the M&G Prudential organisation

This is an exciting opportunity to join a business undergoing significant change, take a key role in a large-scale multi-million pound security transformation programme and develop a high performing Enterprise Security function for M&G Prudential.

Recruiter Name: Joseph Scott
Closing Date: 4/10/19


At M&GPrudential Diversity and Inclusion is a strategic objective. We know that an inclusive environment makes us more accessible and ensures we attract, engage, promote and retain exceptional people. We welcome applications from all individuals regardless of age, gender/gender identity, sexual orientation, ethnicity/nationally, disability, or military service and welcome those who have taken career breaks. We will consider flexible working arrangements for any of our roles.