To manage and run a schedule of cyber, information and IT security assurance reviews to assess Business Unit compliance with Group cyber and information security policy. To review the appropriateness and effectiveness of implemented Business Unit cyber, information and IT security policy control frameworks, risk identification and processes.
Accountabilities & Responsibilities
• Develop, manage and execute a schedule of cyber, information and IT security assurance reviews
• Produce Business Unit and Group level reports on the status of implemented cyber, information and IT security controls
• Map control status to the Group Security eGRC and provide appropriate Group-wide metrics and indicators for cyber, information and IT security and assurance levels
• Provide advanced warning to Group and Business Unit of potential cyber, information and IT security control weaknesses
• Monitor and report on progress of Business Unit remediation plans and corrective actions identified by reviews
• Use the output and knowledge gained from assurance reviews to shape the development of Group information security policy, technical standards and procedures
• Track and assess the impacts and outcomes of cyber, information and IT security incidents, identifying trends or opportunities to increase the effectiveness of implemented security
• Assess and document Group level cyber, information and IT security risks based on analysis of Business Unit level returns
• Develop and deliver a Group level cyber and information security Assurance Maturity Model
• Provide consultancy on the interpretation and implementation of Group Security Policy
Competence / Knowledge / Skills required:
• Deep experience of implementing information and IT security policy and systems, including supporting procedures and technical standards.
• Experienced in all or most of the following:
  o International security control standards (e.g., ISO, ISF)
  o Security architecture, infrastructure and technologies, e.g., network security, web services, operating systems, etc.
  o Implementation (and management) of information and IT security controls
  o Information / IT security audits and reviews
  o Technical and procedural risk analysis
  o Information and IT security policy development
  o Information and IT security compliance monitoring
• Ability to manage information security projects related to all areas of Prudential business
• Strong analytical skills
• Good written and verbal communication skills
• Pro-active, with the ability and confidence to drive forward discussions, co-ordinate activities, make judgements and take decisions.
• Ability to work under pressure and cope with competing demands
• Able to deal with people at all levels
• A team player, with good listening skills and empathy. Must be personable, and able to build strong relationships across the business.
• Ability to deal appropriately with information which may be highly sensitive
• Appropriate Graduate and / or Professional Qualifications (or equivalent industry experience)
• Member of recognised industry professional association