Role PurposeDeveloping cyber defence capabilities to protect LSEG from cyber threats that impact the confidentiality, integrity, and availability of group assets. Domain area is Vulnerability & Threat Management.
Reports to: Senior Manager, Vulnerability & Threat Management
Direct Reports: No direct FTE reports, but may handle contingents and vendor/partner resources.
Location: Flexible working - London; this role will have some elements of paid on-call.
Key Relationships & CommitteesStakeholders include the wider security team, security architecture, cyber strategy business function, governance, risk and compliance, global security operations centre, programme management, Entity level Business Information Security Officers (BISOs), infrastructure & cloud operations, engineering and architecture teams, internal risk and audit functions, architecture and corporate approval forums, and external collaborators/partners/vendors, regulators, and industry schemes.
Key Responsibilities- Develop and be responsible for the strategies, architectures, designs, and associated artefacts. Technologies have clear roadmaps and lifecycles defined.
- Lead the controls and ensure they remain effective through their lifecycle.
- Lead projects with significant risk profiles as part of the cyber programme and other initiatives.
- Run and deliver changes to controls which are not part of project activity.
- Develop key indicators, analysis, and artefacts to continually evidence and report control effectiveness and risk.
- Provide critical issue support for any operational incident.
- Solve sophisticated problems related to the domain area.
- Remain current with principles, concepts, and new technologies.
- Influence vendor roadmaps and functionality in support of LSEG objectives.
Critical Work- Delivery of activities against agreed cyber security strategies.
- Delivery of key artefacts associated with the role.
- Ongoing control operation and effectiveness evidencing.
- Reporting, development, and management of agreed measures and key performance indicators.
ImpactThis role has impact across all parts of the business, responsible for relevant group security controls to mitigate risks from cyber-attacks. Impacts include financial, economic, regulatory, customer, and brand. It is key to addressing regulatory concerns for all regulated entities related to cyber security and resilience.
Key Critical Metrics- Delivery of projects and BAU activities within agreed timescales.
- Identified issues are fixed and remain fixed.
- Key artefacts for activities performed exist and are accurate.
- Agreed measures related to controls owned by the role are delivered.
Technical / Job Functional Knowledge- Knowledge and experience of vulnerability and threat management technology.
- Knowledge and experience of different operating systems and platforms.
- Architecture and engineering of layered control capabilities.
- Solid grasp of information security principles and methodologies.
- Deep understanding of Adversary Tools, Techniques, and Procedures (TTPs).
- Threat Modelling experience.
- Broad technology knowledge across non-core domain areas.
- Modern engineering practices and automation.
- Structured problem-solving practices.
- Policies, standards, and security frameworks.
- Risk and control management, monitoring, and reporting.
- Works independently with sound judgement.
- The role holder is likely to hold relevant security or engineering/architecture certifications.
Business and Sector ExpertiseExperience in technology in financial services and/or regulated environments preferred. Must have significant experience in security-focused roles, with over 5 years in security roles and more than 10 years in technology.
Personal Skills and Capabilities- Collaborating across the group for successful outcomes.
- Takes ownership and commits to delivering sustainable outcomes.
- Proven track record of delivering results without compromising quality.
- Critical thinker with a broad perspective.
- Willingness to work across different technologies.
- Capability to quickly assimilate new concepts.
- Takes ownership of career development.
- Delivering constructive feedback.
- Adapts messaging for different audiences.
- Measured and considered in fast-paced situations.
Company OverviewLSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies, and enabling sustainable growth.
We are proud to be an equal opportunities employer and do not discriminate based on any protected characteristic. We accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.
Please read our privacy notice carefully, as it describes what personal information LSEG may hold about you, its use, and your rights.
#J-18808-Ljbffr