VP - Cyber Risk Oversight & Threat intelligence

Mumbai Central Avenue, India

M&G plc

M&G plc is an international leader in savings and investments with more than five million customers

We are M&G Global Services Private Limited (formerly known as 10FA India Private Limited, and prior to that Prudential Global Services Private Limited). We are a fully owned subsidiary of the M&G plc group of companies, operating as a Global Capability Centre providing a range of value-adding services to the Group since 2003. At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

M&G Global Services has rapidly transformed itself into a powerhouse of capability that is playing an important role in M&G plc’s ambition to be the best-loved and most successful savings and investments company in the world.

Our diversified service offerings, extending from Digital Services (Digital Engineering, AI, Advanced Analytics, RPA, and BI & Insights), Business Transformation, Management Consulting & Strategy, Finance, Actuarial, Quants, Research, Information Technology, Customer Service, Risk & Compliance and Audit, provide our people with exciting career growth opportunities. Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity, we are creating an exceptional place to work for exceptional talent.

The key responsibilities of this role are to support the delivery of the Technology Risk team’s objectives to support the embedding of the technology risk framework across M&G plc and provide consolidated risk analysis and risk management information for Senior Management as required. This involves:

  • Ensuring compliance with the people policies, Group Code of Conduct and embedding desired behaviours, including completion of any mandatory training requirements.
  • Being personally accountable for identifying, assessing, managing and reporting risks within your area of responsibility, including supporting formal risk management activities e.g. Risk & Control Self Assessments and timely closure of Assurance actions
  • Develop and maintain high level Cyber Risk policy, embedding relevant Group, regulatory and industry good practice requirements
  • Manage the risk appetite statements for technology and digital risks in relation to cyber and provide reporting to the Risk committee of performance against these statements
  • Oversee and guide cyber and security risk mitigation programmes, projects and controls improvement initiatives including use of AI in enhancing cyber security
  • Assess the effectiveness of processes and internal controls implemented by the first line, including the Security Operations Centre (SOC) and infrastructure functions, through a programme of sampling to evaluate their quality and associated documentation, and feed back for action
  • Participate in cyber incident response planning, testing, and execution when invoked to support a real incident
  • Participate in the annual programme of deep dive and thematic reviews, leading reviews where these relate to cyber across all business areas and outsourced service providers as may be required including red teaming
  • Assess first line processes and technical analysis of cyber security events and root cause as well as remedial solutions, and provide a second line view on their effectiveness
  • Provide advice and guidance on compliance with regulatory requirements that relate to cyber risk and contribute to regulatory enquiries on the same.
  • Oversee the identification, assessment, processing, analysis, and reporting of tactical and strategic threat intelligence to assist in decision making and actively thwart emergent and current threats targeting our organisation.
  • Managing stakeholders effectively and working collaboratively with other assurance functions (Internal Audit, Compliance Monitoring and other risk assurance teams), as well as the first line embedded risk and control teams, to support the maintenance of a robust integrated control framework
  • Work closely with existing IT, security and business functions as well as collaborate with third parties and business partners, both to receive input and to provide practical and actionable intelligence.
  • Create excellent working relationships with stakeholders at functional levels.
  • Contribute to the continuous improvement of the Technology Risk function.
  • Work flexibly in support of the wider Risk and Compliance agenda.
  • Identify and lead digital initiatives that deliver efficiencies and improved ways of working commensurate with best practices of FTSE 100 digitally enabled business.
  • Manage Risk professionals in the Technology Risk team in M&G Global Services

EDUCATION AND PROFESSIONAL QUALIFICATIONS NECESSARY:

  • Graduate/Post-Graduate degree in Engineering, Information Technology or Computer Science
  • Relevant Certification in Cyber Security and cloud such as CISSP, CISA, CISM

EXPERIENCE AND SKILLS

  • At least 14 years (or more) of relevant experience in a Risk/Audit function/Big4 within a financial institution, directly delivering cyber security and cyber threat intelligence activities.
  • Significant knowledge of Cybersecurity organization practices, risk management principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
  • Knowledge of insurance / investment products, markets and competitors
  • Experience within financial services companies or consulting/technology companies supporting financial services clients in cyber security and Technology risk (2LOD) functions
  • Experience in developing and embedding Cyber risk policies, setting Cyber risk appetite and embedding processes to assess performance against the same
  • Experience in managing a team of cyber/security specialists
  • Experience in leading reviews, where these relate to Cyber risk, and understanding the lessons learnt.
  • Delivery of gap assessments against Cyber Security policy, standards and technology risk requirements
  • Experience in developing, operating and maintaining a Cyber threat intelligence framework
  • Strong understanding of cyber security products and technologies utilized in Enterprise environments
  • Strong understanding of Cloud computing platforms, primarily Amazon AWS and Microsoft Azure.
  • Experience as part of a security operations or incident response organization would be beneficial.
  • Experience in investigating fraud and eCrime.
  • Keen understanding of national and international laws, regulations, policies and ethics related to financial industry cybersecurity.
  • Understanding of threat modelling techniques with some experience in developing threat models
  • Significant experience of reporting and presenting cyber risks and controls information with the wider business, regulatory and industry context, in a simple and effective way.
  • Experience of authoring papers for Risk Committees and senior management teams.
  • Knowledge of industry best practice and good network / links with individuals and external bodies.
  • Curious and continually looking to seek out improvements and not just accepting the status quo
  • Ability to work collaboratively across immediate team and broader Risk & Resilience function whilst also being able to work independently under own initiative (essential)
  • Strong drive and delivery, committed to achieving results and delivering on time (essential)
  • Strong analytical thinking and a critical evaluator of information/issues
  • Strong work ethic with the highest levels of professionalism, commitment and integrity.
  • Gravitas and ability to be pragmatic where appropriate
  • Excellent stakeholder management skills, with the ability to successfully navigate a complex organisation as well as build strong relationships and work collaboratively with teams across the business
  • Ability to operate remotely, in a diverse and multi-cultural environment with international work or consultancy exposure

We have a diverse workforce and an inclusive culture at M&G Global Services. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.
