Security Incident and Cyber Resilience Lead - 12 Months FTC

Job content

At M&G our vision is: to become the best loved and most successful savings and investment businessand we’re looking for people who are excited about joining us on our journey. We’re digitally transforming and investing heavily in technology and innovation to develop new and improved customer propositions that really raise the bar for our customers. To help us achieve our vision we’re looking for exceptional people who live our values and behaviours and who can inspire others; embrace change; deliver results and keep it simple.

We know that an inclusive environment makes us more accessible and ensures we attract, engage, promote and retain exceptional people. We welcome applications from all individuals regardless of age, gender/gender identity, sexual orientation, ethnicity/nationality, disability, or military service and welcome those who have taken career breaks. We will consider flexible working arrangements or home working arrangements for any of our roles.

What You Can Expect From Us

We are committed to creating an environment where you can be exceptional at all you do. To help us deliver this, we promise to:

• Challenge Your Limits by creating a stimulating working environment and providing opportunities for you to be involved in meaningful and challenging work
• Support Your Aspirations with a commitment to learning and development that helps you achieve and build your experience with people who want you to succeed
• Value Your Input whereby leaders and managers will involve you in key decisions, listen to your thoughts and recognise the important contribution you make
• Balance Your Life through a work life partnership that focuses on making this an inclusive, diverse and friendly place to work and offers the flexibility and support that enables everyone to be at their best
  

How Do We Support Our Employees

All M&G plc employees will be supported in the workplace through our M&G Employee Assistance Programme (EAP). If you need counselling, confidential financial or legal advice. The service is available 24 hours a day, 365 days a year and offers access to qualified professionals who can provide specialist information, advice and support on many issues. It offers a broad range of services, including help with family issues, maintaining work/life balance and mental health support.

The Security Incident Manager will be responsible for the effective management of the Security Incident Management and Cyber Resilience Team within the Security Operations area.

Security Incident response is an organised approach to addressing and managing the aftermath of a security breach or cyberattack.

Cyber resilience is the ability to prepare for, respond to and recover from cyber-attacks. Cyber resilience helps an organisation protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack.

A key part to this role will be working closely with the business to coordinate Security Incident Management, Red/Purple Team exercises and to lead the regular Bronze Exercising.

Security Incident Management

• Lead and provide support when co-ordinating Security Incidents, ensuring containment is completed in a timely manner
• Ensure Security Incident and Bronze Frameworks & Processes are maintained
• Ensure Security Incident Post Incident Reviews (PIR) are completed in a timely manner, ensuring strategic actions are documented and assigned appropriate owners and tracked to resolution
• Ensure the security of M&G systems, while considering business impact and ensuring the appropriate teams are engaged
• Manage the tracking of actions driven from a Security Incident to completion.
• Deliver and improve the maturity of security incident management control environment
• Proactively seek out potential security incidents i.e. problem management and drive action plan to resolution
• Lead and co-ordinate security service incidents within SecOps, ensuring security tools are operational in a timely manner
• Reducing the Cyber Risk Profile of M&G and ensuring cyber risk indicators are within tolerance/appetite
• Work with third parties to establish a core of experts to successfully deliver Cyber Resilience requirements
  

Cyber Resilience

• Lead and manage the delivery of cyber resilience schedule
• Create and exercise Bronze plans in line with cyber resilience schedule
• Understand business challenges and the threats they face and using this information to shape cyber resilience exercises
• Uplift the cyber resilience capability with the rollout of simulation and complex resilience exercises, ensuring the delivery of high quality work on time and to budget
• Advising on resilience governance, frameworks and operating models
• Reporting and shaping cyber resilience controls and risk management
• Evidencing the ability to meet regulatory commitments and expectations
• Work with third parties to successfully deliver Cyber Resilience requirements
  

The Role Requires

Personal attribute/skills:

• Strong operational delivery capability, internally and via 3rd party providers
• Strong attention to detail and analytical skills
• Significant collaboration and stakeholder management across the M&G Plc organisation
• Coaching and developing team members and the business through sharing of experience and knowledge
• Ability to communicate technical issues into business language and communicate with stakeholders at all levels of the organisation
• Getting the balance right between protection, detection, reaction and response to resilience issues
• Providing technical direction and guidance to other team members in order to deliver projects/tasks to the agreed scope and requirement, timescales and budget
• Building out and maintaining a professional network
• Leading work at sustained levels of high intensity, and inspire drive and resilience in others
• Proven experience of understanding and managing aspects of risk and resilience, including the quantification and reporting of risk in a business context
• Ability to meet regulatory commitments and expectations
  

Qualifications

• Relevant certifications: CISSP / CISM / SANS / ITIL
  

Closing Date: 21/9/21

Recruiter: Frazer Wilson

We live by four behaviours at M&G and we ask all our employees to:

• Inspire Others - Support and encourage each other, creating an environment where everyone can contribute and succeed
• Embrace Change - Be open to change, willing to be challenged and able to adapt quickly and imaginatively to new ideas
• Deliver Results - Focus on outcomes, set high standards and deliver with energy and determination
• Keep it Simple - Cut through complexity and bureaucracy, be clear and decisive and never overcomplicate things