Humanity is facing fundamental challenges, with the future of our planet hanging in the balance. As the principal investment arm of the Legal & General Group, our aim at Legal & General Capital is to generate long-term shareholder value, while helping build a better society. We seek opportunities to invest in sectors most in need of investment and innovation, such as residential housing, large-scale urban regeneration and future cities. We're backing investment in infrastructure and clean energy, and in start-up businesses to drive innovation and growth across the UK. We're building partnerships between the public sector and institutional investors to accelerate housing delivery, create jobs, support local businesses and transform communities. This helps to create new asset classes for Legal & General's varied investment requirements, our partners and the wider marketplace.
Job Description
We are currently recruiting an IT & Data Privacy Risk Manager to join our team.
In this role, you will support the L&G Capital (LGC) Risk team in the oversight of the design, implementation, and effectiveness of LGC's technology and data risk and control framework, and adherence to the relevant Group and Divisional technology, information and data security policies.
The role will be varied, including advising, maintaining oversight of and challenging LGC and its subsidiary businesses on risk management activities relating to technology, information security, and Data Privacy and protection matters and risks.
What you'll be doing
- Risk and Control Framework: Supporting divisional stakeholders to ensure effective implementation and embedding of the technology and data protection policies, standards and controls in a consistent manner to minimise risk exposure, supported by accurate and timely measurements and reports, as needed.
- Assurance Reviews: Leading on, coordinating and maintaining assurance activities across LGC and its operating businesses, in line with LGC's Risk Management and Internal Control Frameworks and relevant Group Policies, and reporting to senior management, Group and/or LGC's Risk Committees on the adequacy and effectiveness of the division's design and operation of key technology, information security, Data Privacy and protection risks and controls.
- Technology & Data Risk Subject Matter Expertise: Acting as a subject matter expert by providing advice, guidance, and ongoing support to LGC and its operating businesses regarding key technology, information security, and Data Privacy and protection risk governance, policy interpretation and application, and acting as intermediary to the Group DPO and CISO, whilst also obtaining appropriate risk intelligence as part of discharging oversight responsibilities.
- Risk and Control Data Analysis: Exploiting operational data within LGC's risk management systems (including OneSumX, ServiceNow, Prevalent) to build holistic views of the technology and Data Privacy Risk and control environment, and related measures and metrics to assess that risk exposures are within acceptable tolerances.
- Change & Transactional Assurance: Providing support, oversight and assurance over Direct Investment transactions and Divisional/Group related change programmes by advising and opining on project or transaction risks and controls, enabling key stakeholders and governing bodies to make risk-informed decisions.
- Risk Event Analysis: Providing oversight, supporting investigations and performing analysis of risk events, data breaches, cyber security threats and any other technology incidents that impact LGC and/or its operating businesses, including determining resolution and remediation, trending, and reporting on broader lessons learnt to drive improvements in the wider technology and Data Privacy Risks and controls. This may also require supporting any production of specific risk reports and provision of data for regulatory submissions.
- Report Preparation: Collating and aggregating divisional risk registers and risk acceptances to produce reports for the LGC Risk Committee, LGC Operational Risk Committee and Group Technology Risk Committee. Liaising with 1st line and operating businesses to prepare and review inputs for committee papers to enable discussion and decisions.
- Health & Safety: Acting in accordance with the company's H&S arrangements and procedures, and undertaking the appropriate training required to ensure that you can carry out your role with due consideration to the safety and wellbeing of yourself and others.
What we're looking for
- Technology/IT/Computing degree level or equivalent industry experience
- A technology risk management, auditing or similar qualification would be beneficial but is not essential (i.e. CRISC, CISA, CISSP, Practitioner Certificate in Data Protection)
- Demonstrable knowledge of technology risk and control practices, including such frameworks as ISO27001, COBIT, NIST RMF / CSF / 800-53
- Knowledge of approaches to data analysis and use of data analytics is beneficial
- Ability to use data to provide meaningful assessments and reports
- Good understanding of technology including applications, security, service and infrastructure management, databases, servers, middleware, messaging, mainframe and networks
- Good understanding of GDPR regulation, including regulatory reporting and response to data breaches.
- Good understanding of IT, Information Security & Data Privacy risks, including confidentiality, integrity, availability, authenticity.
- Good understanding of operational IT resilience and how it impacts service availability, continuity, change, supplier, incident, capacity and cyber event resilience
- Ability to express independent thoughts and opinions, along with maintaining ownership and effective delivery of work deliverables, and collaborating to support others in timely task delivery
- Strong stakeholder management: building long-term collaborative relationships internally and externally through strong interpersonal skills in engaging a range of seniority levels, along with effective written and verbal communication skills
When you commit to Legal & General, we'll commit to you too. That means we'll recognise and reward your hard work, your performance and your contribution.
If you join us, you'll get access to some great benefits, including private medical insurance, 27 days holiday (excluding bank holidays), a generous pension scheme, life assurance, and Inc