Director of Business Information Security, D&A
London, United Kingdom
LSEG
LSEG is your trusted global financial markets infrastructure and data provider. Discover how we deliver value for our customers.
Role Purpose
To work across the defined business area (D&A) and ensure that Security capabilities are deployed, threat actors and cyber risks are identified, and target state maturity is in compliance with the expected Group Information Security policies, standards and capabilities as well as Regulatory requirements. Act as the point of contact for Information Security related issues within the defined business area for both internal and external partners. This role will partner with the business to enable alignment of business needs with security objectives.
Key Responsibilities
- Develops an understanding of business area’s direction, priorities, opportunities and challenges in order to prioritise security focus and drive good risk decisions
- Contributes to the development, communication and maintenance of the business area’s information security strategy and allow potential opportunities through security innovation to be explored
- Drives development, implementation, maintenance and improvement of all information security related activities in alignment with Cyber & Information Security Strategy, as defined by the Chief Information Security Officer (CISO)
- Ensures that security standards are applied consistently across the entire function, to ensure the security landscape does not fracture
- Liaises with regulators regarding security requirements
- Builds positive relationships within the business to gain an understanding of security-related business risks
- Engages with key partners on the health of their information security programme, providing guidance on addressing key risks identified
- Works closely with the central Cyber Intelligence and Security Operations teams to identify and mitigate any potential security threats in the business area or resolve business area related security incidents
- Influences decisions on security by providing guidance that is easily understood and actionable by the business
- Identifies and addresses opportunities for people, process, and technology to enable business outcomes
- Works with business leaders to ensure that information security policies and standards are integrated with business processes, constructively challenging existing processes where necessary
- Liaises with security architects both within their business area and other functions to encourage close collaboration
- Communicates the importance of, and promotes awareness of, information security to the business, growing business awareness of emerging security risk and helping develop a security culture within the business area
- Effectively collaborates with both senior business and security leadership on security and business considerations for their business area
- Ensures partners understand their responsibilities in relation to security risk mitigation and remediation
- Participates in relevant business, organisational change and risk management discussions run by other parts of the organisation.
- Provides mentorship for audit preparation and addressing audit findings
- Maintains a balanced relationship with internal and external audit functions, and other relevant bodies
Critical deliverables
- Ensures overall compliance with the central Cyber & Information Security policies and standards for their business area in regards to the following:
  - Security strategy
  - Security transformation programme
  - Security by design
  - Vulnerability management
  - Identity and privileged access management
  - Security incident management
  - Cyber risk and threat modelling and management
  - Threat intelligence partnerships and surveillance
  - Data loss prevention
  - Business continuity
  - Cyber resilience
  - Investigations and forensics
  - Cyber Security Innovation
Impact
- This role impacts all colleagues within their business area, as they are responsible for ensuring that security controls and standards are properly met
- The risk of not properly delivering against this role is an impact to the broader organisational reputation & failure against regulatory compliance of the function and / or LSEG as a whole
Key Performance Indicators
- Level of preparedness of their business area against security threats.
- Patching cadence (how long does it take to implement security patches or mitigate high risk common listed vulnerabilities & exposures)
- Access management - how many users have administrative privileges
- Number of major security incidents within their business area:
  - Intrusion attempts (successful and unsuccessful)
  - Mean Time To Detect, Resolve and Contain
- Cyber Security Culture and Awareness phishing/training results within their business area
- Average Vendor Security Rating (Inherited/3rd party risk)
- Aged, open roles in the function (under-resourced, risk exposure)
Technical / Job Function knowledge
- Experience across multiple regulatory domains
- Experience of defining and embedding Security controls and Standards
- Hands-on technical experience of conducting security risk assessments
- Hands-on experience with assessing and managing Major Security Incidents
- Experience in working within Technology functions to ensure that Security standards are maintained while not impeding innovation and advancement
- Experience of demonstrating deep and broad knowledge of emerging technology to deliver services
- Qualifications in security leadership and management for example, but not limited to, MBA, CISM or ISO 2700x
- Certifications in regulated areas e.g. privacy, resilience and quality assurance
Business and sector expertise
- Experience in Security for Financial Services Regulated Environment
- Expert knowledge of the cyber, information security and risk management field for a global financial services or other highly regulated organisation providing Technology Services to revenue generating divisions
- Experience of developing and influencing strategic working relationships with key technology suppliers
- Experience of advising/communicating at board level and with senior level regulators
- Detailed business, regulatory and technology knowledge appropriate to the business area
Leadership and management experience
- Ability to build and maintain effective relationships with a division’s Business and Technology partners.
- Be the voice of Security within their business area, and the voice of the business area within the Cyber & Information Security Function
- Strategic problem solver with strong intuition for business and well-versed in current technological trends and business concepts
- Experience of ensuring security compliance within an agile function
- Consistent track record of using industry standard processes and frameworks and promoting innovation across the organisation in the use of technology to ensure security
- Examples of where they have showcased thought leadership by identifying industry technical trends
- Proven high performance in problem solving, collaboration and priority setting
- Good communication skills: effective listening, persistence, composure
- Ability to build solid relationships with leadership and partners
- Experience with handling regulators
Personal skills and capabilities
- Gravitas to collaborate with Board members at LSEG, Executive Committee and senior Regulators, with proven track record of establishing substantial relationships with the executive leadership
- Strong verbal and written communication skills, with particular ability to communicate technical information to non-technical partners and to listen to identified concerns and adapt accordingly
- Ability to influence across multiple Divisions, Businesses and Functions
- Experience of successfully planning and delivering large scale complex Technology integration and Technology transformation programmes
- Ability to work with others effectively, with 3rd parties, internal teams, and international business units, promoting knowledge sharing within and across teams
- Strategic problem solver with strong intuition for business and well-versed in current technological and security trends as well as business concepts
- Ability to work well under pressure – particularly during an incident.
ABOUT US:
LSEG (London Stock Exchange Group) is more than a diversified global financial markets infrastructure and data business. LSEG is a systemically important part of the global financial system. It is the UK’s second largest financial services business by market capitalisation, and in the top 10 of the FTSE 100.
A major financial information provider, with extensive experience, deep knowledge, and worldwide presence across financial markets, LSEG enables businesses and economies around the world to fund innovation, manage risk and create jobs. LSEG has contributed to supporting the financial stability and growth of communities and economies globally for more than 300 years.
Through a comprehensive suite of trusted financial market infrastructure services – and its open-access model – LSEG provides the flexibility, stability and trust that enable its customers to pursue their ambitions with confidence and clarity.
LSEG is headquartered in London, with significant operations in 70 countries across EMEA, North America, Latin America, and Asia Pacific. The Group employs 26,000 people globally, more than half located in Asia Pacific. LSEG’s ticker symbol is LSEG.
The core values of the business are integrity, partnership, excellence, and change.
LSEG has demonstrated its successful strategy as shown in its strong financial performance. Post the Refinitiv acquisition, LSEG has shifted from a period of integration to transformation. The Group is a proven innovator with its market leading strategic partnership with Microsoft enabling next-gen data, analytics and cloud infrastructure solutions.
LSEG operates across the following divisions:
Data & Analytics: delivering data-driven insights, workflow and products to customers simply and flexibly so they can make better-informed decisions.
FTSE Russell: delivering category-defining indices across asset classes and investment objectives to create new possibilities for the global investment community.
Risk Intelligence: providing a comprehensive suite of screening, due diligence, verification and onboarding solutions, helping customers protect their businesses from a wide range of threats.
Markets: supporting customers across the end-to-end capital markets workflow, providing them with access to liquidity across multiple asset classes and regions; supporting their clearing and reporting obligations; and providing risk and balance sheet solutions.
LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.
Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.
Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.
LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.
We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.
Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.
If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.
Tags: Agile Analytics CISM CISO Cloud Compliance Forensics Privacy Risk assessment Risk management Security strategy Strategy Surveillance Threat intelligence Vulnerabilities Vulnerability management
Perks/benefits: Career development Health care