Security Consultant

Edinburgh

M&G plc

M&G plc is an international leader in savings and investments with more than five million customers


At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity, we are creating an exceptional place to work for exceptional talent.

We will consider flexible working arrangements for any of our roles and also offer workplace accommodations to ensure you have what you need to effectively deliver in your role.

The Security Consultancy (SecCon) team are information technology specialists at the forefront of ensuring our technology change initiatives are delivered securely. We need leaders who are technical security experts and are confident dealing with a range of stakeholders from IT, the business, and strategic partners. You will be working on exciting new change initiatives, helping security and our business partners to achieve the digital ambitions across web, mobile and cloud.

As a Security Consultant within M&G you’ll have the opportunity to lead change, working on a wide range of different projects & platforms, translating best practice into high level security requirements, researching modern technologies to assess designs for implementation, and explaining threats and vulnerabilities to stakeholders in support of risk management. You’ll also be working closely with our security engineers to understand and develop the enterprise’s security architecture and integrate it into change initiatives.

Primary Key Responsibilities

  • Ensuring technical and solution designs are compliant with our controls, articulating a position on the security of the design and working with platform teams to remediate any gaps.
  • Working with 1st line risk and technology teams to assess the implications of any control gaps which cannot be remediated.
  • Acting as the entry point for Security and providing security advice and guidance, including identifying and assessing security threats, vulnerabilities, and risks for all change and BAU initiatives.
  • Representing enterprise security at technical design authorities to ensure solutions presented meet security best practice. Working any highlighted issues to resolution.
  • Work with different areas in enterprise security to reduce friction and apply necessary security integrations for new technologies and ensure Security is embedded in solutions as early as possible.

Additional Responsibilities

  • Remain current with emerging security technologies and feed into strategic technology discussions.
  • Tailor and present complex data to different stakeholders.
  • Provide security advice and guidance to technology programs, third party integrations, supply chain engagements and longer term projects.
  • Focus on future developments, technologies and regulations which could affect the firm or our partners, and the impact they could have on our controls
  • Excellent written and verbal communication with technical and non-technical stakeholders, IT teams, and external partners.
  • Key involvement in technical design governance process. Must be able to tell it how it is in front of senior stakeholders.
  • Provide guidance and support during the implementation of security measures and technologies
  • Prepare comprehensive reports and documentation detailing findings, recommendations, and action plans
  • Analyse security risks and develop risk management strategies as required
  • Assist in creating and updating security policies, standards, and procedures to ensure control compliance and best practices as required

Knowledge

  • A good understanding of Azure security is essential and M365 / Microsoft Power Platform security capabilities would be an advantage.
  • An excellent understanding of securing applications, infrastructure and networks. This includes a detailed understanding of security technologies required to secure an enterprise, their capabilities and interoperability covering:
    • Cyber / Web Security (Firewalls, DoS, Proxies, CDN / WAF, API Gateways, etc.).
    • Threat & Incident Management (SOC, SIEM, Threat Intelligence, etc.).
    • Data Security (DLP, DRM, etc.).
    • IDAM (FIAM, SSO, etc.). Experience of Azure AD would be advantageous.
    • Mobile Security (EMM, MAM, MDM, etc.).
    • Cryptography (including Key Management and PKI).
    • Desktop / Server / Virtualisation Security (vulnerability and patch management, malware protection, etc.).
  • Working knowledge of infrastructure and application security requirements

Detailed working knowledge of infrastructure and application security requirements, demonstrated through understanding of recognised information security management and governance frameworks such as ISF Standards of Good Practice, NIST 800-53 or CIS 7.1. An understanding of the regulations and legislation that apply to a pension and investment organisation would be advantageous.

Skills

  • Strong stakeholder management skills.
  • Highly organised, excellent prioritisation and planning skills
  • Confident and effective communicator (both written and verbal) across all levels of the organisation to influence using risk-based reasoning.
  • Extensive experience in articulating complex requirements as easy to understand security designs using threat profiling, reusable models and architecture principles
  • Ability to work alone or as part of a team, whilst working on multiple items at the same time.
  • Ability to work with limited supervision, seeking guidance where appropriate.
  • Ability to translate complex technical issues into meaningful details for non-specialist audiences.
  • Ability to understand organisational culture and use this knowledge to gain commitment and get work done.
  • Strong facilitation skills to elicit information from key stakeholders internally and externally.
  • Creative thinking to contribute to the overall solution design.
  • Proven and demonstrable analytical and problem-solving skills essential, with the ability to think laterally and generate creative solutions.
  • Excellent organisational and prioritisation skills with a keen attention to detail and ability to manage multiple deliverables, with complexity.
  • Strong risk mindset to support project engagements in risk identification and mitigation proposals.
  • Excellent interpersonal communication skills and the ability to establish professional rapport
  • Good negotiating skills
  • Good problem-solving skills

Experience

  • 12+ years of experience in Cyber Security with at least 4 years as an experienced Security Consultant with a proven track record in successful delivery
  • Extensive experience of working in a business facing IT or Cyber Security role, ideally within a regulated environment.
  • Experience of securing applications, infrastructure and networks.
  • Experience of securing cloud / cloud hybrid services (including IaaS, PaaS and SaaS variances) as well as mobile security models. Experience of Salesforce, Oracle Cloud Infrastructure and Adobe Experience Manager would be advantageous.

Education / Qualifications

  • Bachelor’s/Master’s degree required or an equivalent professional qualification
  • A recognised information security qualification (such as CISSP, CISM, CCSK etc.)

Recruiter: Martyn Jack

We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.

M&G is also proud to be a Disability Confident Leader, and we welcome applications from candidates with long-term health conditions, disabilities, physical, mental health or neuro-divergent conditions. We participate in the Disability Confident ‘Offer an Interview’ scheme, which means that candidates with disabilities or long-term health conditions who meet the minimum criteria of a job will be offered an interview if they 'opt in' to the scheme when applying. These candidates are also supported to ensure they have the best opportunity to demonstrate that they can do the job.

If you need assistance or an alternative means of applying for a role due to a disability or additional need, please let us know by contacting us at: careers@mandg.com

Category: Consulting Jobs

Tags: APIs Application security Azure CCSK CDN CISM CISSP Cloud Compliance Cryptography Firewalls Governance IaaS IAM Malware Mobile security NIST NIST 800-53 Oracle PaaS PKI Risk management SaaS SIEM SOC SSO Threat intelligence Vulnerabilities

Perks/benefits: Flex hours

Region: Europe
Country: United Kingdom
