Cyber Risk Oversight Consultant
Cyber Risk Oversight Consultant - x3 positions
Working with M&G Prudential as a Cyber Risk Oversight Consultant means becoming part of a brand with a global reputation and an exciting vision: to be the most loved and most successful saving & investments business.
The forthcoming planned de-merger of M&G Prudential from the Prudential Group PLC provides a terrific opportunity to create a truly international and integrated savings and investments firm. A firm built on a rich and long history and with a commitment to an innovative future centred on the needs of customers and clients. There is a genuine opportunity to drive competitive advantage with value creation through the formation of this new organisation.
If you're inspired to join us, and have the necessary qualities, then this could be the opportunity you've been looking for.
The Role:
The M&G Prudential Risk function is responsible for effectively advising and challenging key stakeholders, challenging risks effectively and proactively, and adding value through providing enhanced business insights to support the delivery of customers' long-term needs.
Enterprise and Operational Risk (E&OR) maintains the overall Risk Management Framework, leads, coordinates and manages a range of enterprise-wide risk management processes and manages the overall Risk Reporting (including ORSA, Use test and ERC reporting). Operational and Technology Risk teams provide 2nd line oversight, advice and challenge in relation to the Operational risks, including Technology Risks, that M&G Prudential may be exposed to.
The Cyber Risk Oversight Consultant reports to the Head of Technology Risk. This role is responsible for managing the oversight of cyber security risk including evaluating the strength of the first line controls and determining the holistic level of cyber threat. This role will also take responsibility for facilitating the appetite statements relating to Cyber risks.
Key Responsibilities:
- To develop and maintain high level Cyber Risk policy, embedding relevant Group, regulatory and industry good practice requirements
- To manage the risk appetite statements for technology and digital risks in relation to cyber and provide reporting to the Risk committee of performance against these statements
- To oversee and guide cyber risk mitigation projects and controls improvement initiatives
- To assess the effectiveness of processes and internal controls implemented by the first line and infrastructure functions (M&G Prudential) through a programme of sampling to evaluate their quality and associated documentation, and feedback for action
- To participate in cyber incident response planning, testing, and execution when invoked to support a real incident
- To participate in the annual programme of deep dive and thematic reviews, where these relate to cyber and understand the lessons learnt
- To assess first line processes and technical analysis of cyber security events and root cause as well as remedial solutions, and provide a second line view on their effectiveness
- To provide advice and guidance on compliance with regulatory requirements that relate to cyber risk
You will have:
- Experience of delivering Deep dive reviews and control assessments
- Experience of analysing and interpreting complex rules and regulations and applying such knowledge to provide solutions to business problems and issues
- Experience of guiding the response to Cyber attacks and other security incidents
- Experience of facilitating senior management agreement on collective appetite statements
- Experience of authoring and delivering papers to Risk Committees and senior management teams
- Experience challenging the business's (including IT) cyber direction
- Experience in communicating the practical impact of regulatory obligations
- Knowledge of key security technologies
- Knowledge of financial services regulatory and legislative frameworks
- Knowledge of Cyber incident response
- Knowledge of industry best practice and good network / links with individuals and external bodies
- Knowledge of protection methods for online customer transactions
- Knowledge of risk frameworks and their oversight
- Knowledge of Prudential products, systems and distribution methods
- Knowledge of major project delivery methods
- Knowledge of life and pensions products, markets, and competitors
- Knowledge of cyber (including Information security) risk and controls including strategy and external threats
- Knowledge of the Statements of Principle and Code of Practice
People who work at M&G Prudential agree that ours is a great place to work with a brilliant team spirit. It's also an innovative, high-performing, commercial environment that's totally focused on customers. As an M&G Prudential colleague you'll get all the support you'd expect, including full training and professional development. You'll receive a competitive salary and reward package. And in a fast-changing world, you'll join an organisation that's leading the way in helping customers achieve their long-term financial goals.
M&G Prudential is committed to a diverse and inclusive workplace. Our role as an employer is very simple - to provide the right environment for talented people to do their best work, by respecting, understanding and valuing individual differences.
We welcome applications from individuals who have taken an extended career break, and we are willing to consider flexible working arrangements for all of our roles.
Recruiter: Beth Eckersley
Location: London, Reading, Edinburgh or Stirling