Senior Manager, Business Information Security

Senior Manager, Business Information Security

LSEG is your trusted global financial markets infrastructure and data provider. Discover how we deliver value for our customers.

Reviewing and assessing the information security and cyber controls that enables FTSE Russell to conduct its business in a secure manner, and gap analysis of the same and the oversight of InfoSec/Cyber related control gap/risk remediation activities.

Lead and analyse the information security roadmaps, strategies, programmes, and projects within FTSE Russell, identifying and reporting risks, trends, and future opportunities for improvement and enhancement, proactively engaging and working closely with the technology and cyber teams.

Provide updates to the FTSE Russell management from the three lines of defence regarding the delivery and progress of the various strategic cyber initiatives and broader cyber programme within LSEG.

Engage with external third parties who provide services to FTSE Russell and work closely with the established internal third-party oversight functions to ensure appropriate and contracted levels of security are met.

Establish and maintain a Cyber Risk Profile of FTSE Russell in line with other areas of LSEG and assist with the establishment towards maintenance of a Risk Control Assessment (RCA) that focuses on InfoSec/Cyber risks and associated controls.

Drive established key performance indicators including executive level presentation materials and key risk indicators, ensuring that all management information (MI) is an accurate reflection of the current control’s estate.

Assess the security architecture solution designs and risk position of projects and initiatives undertaken by FTSE Russell, working closely with associated SMEs and design authorities to ensure projects are delivered in compliance with Policies and Standards, and with security design principles considered/implemented as key success results.

Develop business goals and operational risks, identifying key areas for improvement and supporting the risk management decision processes and risk forums/committees.

Assist with the identification of emerging information and cyber security threats to the business, leading all aspects of risk mitigation plans and building positive relationships within the business to gain an understanding of security-related business risks.

Work closely with governance stakeholders in the 1st, 2nd, and 3rd lines of defence on all matters relating to information security, cyber risk, data privacy, including all regulatory and legislative considerations.

Constructively and pragmatically challenge established controls to ensure, recommend, and accommodate continuous improvement, ensuring management understands their responsibilities in relation to security risk mitigation and remediation.

Monitor industry information security trends and keep the business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions.

Review and document the technologies and security controls across the firm, including areas such as office spaces, data centres, and cloud.

Implement and conclude the security controls maturity assessments against industry standards such as the NIST Cyber Security Framework, ISO27001/2, SOC2.

Review and respond appropriately to regulatory and legislative matters, producing and presenting risks and risk postures/cyber maturity to senior/executive bodies.

Build knowledge of business units by assisting them with their security workloads, agendas, and difficulties, maintaining a balanced relationship with risk, compliance, legal, human resources, and internal and external audit functions.

Key Skills

1. Knowledge of technology, security, and threat landscapes.
2. Staying abreast of emerging technologies, including all security technologies.
3. Sustaining a deep and in-depth knowledge of the cyber threat landscape.
4. Maintaining and constantly enriching knowledge of information security and cyber risks as they develop.
5. Ability to propose and explain appropriate cyber risk countermeasures clearly and concisely.
6. Remaining informed and knowledgeable on primary global data protection regulations and legislation.
7. Proven track record in senior InfoSec management roles, including presentations to Boards and regulatory engagement.
8. Extensive previous exposure to FS or FMI industry organisations.
9. High performance in problem solving, innovating, and critical thinking.
10. Excellent written/verbal communication and stakeholder leadership skills.
11. Ability to clearly articulate ideas to both technical and non-technical audiences.
12. Must be capable of working pragmatically and efficiently in both a team and alone.
13. Able to prioritise efficiently and appropriately with minimal supervision.
14. Able to work in a fast-paced, high-volume workload environment, prioritising accordingly.

Desirable & Advantageous Certifications:

1. CISSP-ISSAP, CISSP-ISSEP, CISM, CCSP, CCSK, CEH.
2. ISO27K, ISF SOGP, NIST CSF, CIS, CSA STAR, CBEST, TIBER-EU, SOC2.