Manager- Supply Chain Security

We are M&G Global Services Private Limited (formerly known as 10FA India Private Limited, and prior to that Prudential Global Services Private Limited). We are a fully owned subsidiary of the M&G plc group of companies, operating as a Global Capability Centre providing a range of value adding services to the Group since 2003. At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

M&G Global Services has rapidly transformed itself into a powerhouse of capability that is playing an important role in M&G plc’s ambition to be the best loved and most successful savings and investments company in the world.

Our diversified service offerings extending from Digital Services (Digital Engineering, AI, Advanced Analytics, RPA, and BI & Insights), Business Transformation, Management Consulting & Strategy, Finance, Actuarial, Quants, Research, Information Technology, Customer Service, Risk & Compliance and Audit provide our people with exciting career growth opportunities. Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.

Primary Key Responsibilities (Top 3-5 KRA)

• Assess and report the effectiveness of information security general controls throughout the supplier lifecycle with M&G.
• Track, monitor and report on remedial activities, e.g. control improvement actions arising from supplier information security due diligence activity.
• To demonstrate a positive risk and control culture through the active identification, assessment, monitoring and management of risks and controls within the business area.
• Take all reasonable steps to ensure adherence to all external regulatory, legal and industry obligations within the business area.
• Assist with reporting of Technology and information security control effectiveness and policy compliance levels.

Additional Responsibilities:

• Provide management information to Enterprise Security & Privacy management and colleagues, working with internal and external teams.
• Liaise with the Procurement function and Business Supplier Managers across M&G to ensure appropriate information security oversight activities are completed on our external suppliers.
• Moderate the annual review and update of information security related policies and processes.
• Stay up-to-date on information technology trends and security standards.
• Conduct trainings to educate and develop security awareness in the workforce on information security
• Provide guidance on associated regulations & legislations.
• Research & assess information security vulnerabilities.

Key Stakeholder Management

Internal

• Head of Supply Chain Security
• Enterprise Security & Privacy
• Technology teams
• First line GRC
• Risk & IA
• Business Unit Representatives for all Business Areas
• Procurement & Third Party Risk team
• Privacy team

External

• External Supplier
• Data Protection and Information Security industry bodies and members and auditors.

Knowledge, Skills, Experience & Educational Qualification

Knowledge:

• Prefer SSCP, CISA, CISM, ITIL qualified individual.
• Working knowledge of financial services regulatory and legislative frameworks.
• Working knowledge of Information Security regulations and legislation.
• It is desirable to have working knowledge of industry best practice and external bodies in the same field.
• It is desirable to have working knowledge of information security management and governance standards.
• It is desirable to have working knowledge of third-party relationships and the associated information security risks.
• An understanding of key information security risks posed and ability to develop pragmatic options to mitigate these.

Skills:

• Good analytical multi-tasking skills.
• Able to look at and understand processes and infrastructure.
• Good understanding in information security methodologies, frameworks and tools
• Ability to build relationships at all levels in the business.
• Ability to present reports in meetings.
• Ability to understand organisational culture and use this knowledge to gain commitment and get work done.
• Ability to provide support to and accept direction from colleagues in other areas.
• Remain effective in situations when responsibilities, tasks, priorities and / or work environment change significantly.
• Broad knowledge of business conducted within M&G, including M&G Global Services India.
• Be clear, concise and impactful when communicating with others.
• Ability to assess multiple options (including consequences) in parallel, while working on possible solutions.
• Ability to work with limited supervision, seeking guidance where appropriate.
• Excellent people management skills.
• Confident communicator, able to get the message across clearly and concisely via appropriate channels, whether verbal or written.

Experience:

• 4+ years’ experience of working or studying in at least one of the following areas: IT / information security / risk management / audit / assurance / business continuity / supplier management.
• Experienced in working with UK stakeholders.

Educational Qualification:

• Graduate in any discipline.

We have a diverse workforce and an inclusive culture at M&G Global Services, regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.