Vice President – Enterprise Security (Security Consultant)

We are M&G Global Services Private Limited (formerly known as 10FA India Private Limited, and prior to that Prudential Global Services Private Limited). We are a fully owned subsidiary of the M&G plc group of companies, operating as a Global Capability Centre providing a range of value adding services to the Group since 2003. At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

M&G Global Services has rapidly transformed itself into a powerhouse of capability that is playing an important role in M&G plc’s ambition to be the best loved and most successful savings and investments company in the world.

Our diversified service offerings extending from Digital Services (Digital Engineering, AI, Advanced Analytics, RPA, and BI & Insights), Business Transformation, Management Consulting & Strategy, Finance, Actuarial, Quants, Research, Information Technology, Customer Service, Risk & Compliance and Audit provide our people with exciting career growth opportunities. Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.

Primary Key Responsibilities (Top 3-5 KRA)

• Ensuring technical and solution designs are compliant with our controls, be able to articulate a position on the security of the design and work with platform teams to remediate any gaps.
• Working with 1st line risk and technology teams to assess the implications of any control gaps which cannot be remediated
• Act as the entry point for Security and provide security advice and guidance, including identifying and assessing security threats, vulnerabilities, and risks for all change and BAU  initiatives
• Representing enterprise security at technical design authorities to ensure solutions presented meet security best practice. Working any highlighted issues to resolution.
• Work with different areas in enterprise security to reduce friction and apply necessary security integrations for new technologies and ensure Security is embedded in solutions as early as possible.

Additional Responsibilities :

• Remain current with emerging security technologies and feed into strategic technology discussions.
• Tailor and present complex data to different stakeholders.
• Provide security advice and guidance to technology programs, third party integrations, supply chain engagements and longer term projects.
• Focus on future developments, technologies and regulations which could affect the firm or our partners, and the impact they could have on our controls
• Excellent written and verbal communication with technical and non-technical stakeholders, IT teams, and external partners.
• Key involvement in technical design governance process. Must be able to tell it how it is in front of senior stakeholders.
• Provide guidance and support during the implementation of security measures and technologies
• Prepare comprehensive reports and documentation detailing findings, recommendations, and action plans
• Analyse security risks and develop risk management strategies as required
• Assist in creating and updating security policies, standards, and procedures to ensure control compliance and best practices as required

Knowledge

• A good understanding of Azure security is essential and M365 / Microsoft Power Platform security capabilities would be an advantage.
• An excellent understanding of securing applications, infrastructure and networks. This includes a detailed understanding of security technologies required to secure an enterprise, their capabilities and interoperability covering:
  • Cyber / Web Security (Firewalls, DoS, Proxies, CDN / WAF, API Gateways etc.).
  • Threat & Incident Management (SOC, SIEM, Threat Intelligence, etc)
  • Data Security (DLP, DRM, etc)
  • IDAM (FIAM, SSO, etc).  Experience of Azure AD would be advantageous.
  • Mobile Security (EMM, MAM, MDM etc).
  • Cryptography (including Key Management and PKI)
  • Desktop / Server / Virtualisation Security (vulnerability and patch management, malware protection, etc)
• Working knowledge of infrastructure and application security requirements
• Detailed working knowledge of infrastructure and application security requirements, demonstrated through understanding of recognised information security management and governance frameworks such as, ISF Standards of Good Practice, NIST 800-53 or CIS 7.1. An understanding of the regulations and legislation that apply to a pension and investment organisation would be advantageous

Skills

• Strong stakeholder management skills.
• Highly organised, excellent prioritisation and planning skills
• Confident and effective communicator (both written and verbal) across all levels of the organisation to influence using risk-based reasoning.
• Extensive experience in articulating complex requirements as easy to understand security designs using threat profiling, reusable models and architecture principles
• Ability to work alone or as part of a team, whilst working on multiple items at the same time.
• Ability to work with limited supervision, seeking guidance where appropriate.
• Ability to translate complex technical issues into meaningful details for non-specialist audiences.
• Ability to understand organisational culture and use this knowledge to gain commitment and get work done.
• Strong facilitation skills to elicit information from key stakeholders internally and externally.
• Creative thinking to contribute to the overall solution design.
• Proven and demonstrable analytical and problem-solving skills essential, with the ability to think laterally and generate creative solutions.
• Excellent organisational and prioritisation skills with a keen attention to detail and ability to manage multiple deliverables, with complexity.
• Strong risk mindset to support project engagements in risk identification and mitigation proposals.
•  Excellent interpersonal communication skills and establishing professional rapport
• Good negotiating skills
• Good problem-solving skills

Experience

• 12+ years of experience in Cyber Security with at least 4 years as an experienced Security Consultant with a proven track record in successful delivery
• Experienced in working with international stakeholders especially from the UK
• Extensive experience of working in a business facing IT or Cyber Security role, ideally within a regulated environment.
• Experience of securing applications, infrastructure and networks.
• Experience of securing cloud / cloud hybrid services (including IaaS, PaaS and SaaS variances) as well as mobile security models.
• Experience of Salesforce, Oracle Cloud Infrastructure and Adobe Experience Manager would be advantageous.

Educational Qualifications

• Bachelor’s/Master’s degree required or an equivalent professional qualification
• A recognised information security qualification, such as CISSP, CISM, CCSK etc.)

We have a diverse workforce and an inclusive culture at M&G Global Services, regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.