LSEG Governance, Risk & Compliance Analyst in London, United Kingdom
Information Security Governance Risk and Compliance (GRC) Analyst
The purpose of this role is to assist the LCH Business Information Security Officer (BISO) in all security matters relating to the oversight of the Information Security, Cyber Security and Data Privacy programmes within LCH. Working with the BISO, and other LSEG/LCH colleagues, you will ensure that the critical business systems and data assets of the organisation are adequately protected and that all related internal controls remain within risk appetite or have appropriate risk reduction plans in place to bring them into risk appetite. The role will ideally suit a strong Governance Risk and Compliance Information Security Analyst who, along with those core skills and proficiencies, also has a solid understanding of technology and security engineering and architecture principles.
Key responsibilities include:
Assisting in the oversight of Information Security by:
Reviewing the information security controls that enable LCH Ltd to conduct its business in a secure manner,
Monitoring and analysing the information security roadmap and programmes within LCH Ltd, identifying risks, trends and future opportunities for continuous improvement and enhancement.
Engaging regularly with the different teams delivering cyber services and projects including attending operational, advisory and governance meetings to provide oversight of the delivery of cyber services and programme to LCH Ltd,
Engaging with external third parties who provide services to LCH Ltd, and working closely with the established internal third party oversight functions to ensure appropriate and contracted levels of security are met,
Ensuring the established Cyber Risk Profile of LCH Ltd is constantly reviewed and updated so that it remains an accurate reflection of current state.
Maintaining the LCH Ltd Risk Control Self-Assessment (RCSA) as it relates to information security, cyber security and data protection.
Maintaining the established key performance and key risk indicators and ensuring that all management information (MI) is an accurate reflection of the controls estate
Maintaining an accurate set of presentation materials that clearly and accurately present the current state of security control within LCH Ltd,
Engagement with the business to:
Develop an understanding of business goals and risks in order to constructively engage business leaders on information security matters, identifying key areas for improvement, and supporting the risk management decision processes,
Assisting with the identification of emerging information and cyber security threats to the business, and the subsequent analysis to realise risk mitigation plans,
Build strong relationships within the business to gain an understanding of security-related business risks.
Embedding Cyber across the firm by:
Working closely with all necessary stakeholders in the business and technology areas to ensure compliance with established policies, standards and procedures, etc.
Constructively and pragmatically challenging established controls to ensure and accommodate continuous improvement.
Ensuring stakeholders understand their responsibilities in relation to security risk mitigation and remediation,
Monitoring information security trends and keeping business leadership informed about information security-related issues and activities potentially affecting the organisation and specific business functions.
Security awareness and training:
Working closely with the established Security Awareness and Training functions to ensure that staff understand their security responsibilities.
Assisting with education and awareness exercises (including testing), and preparation of appropriate management information (metrics and measures).
Assisting with and delivering awareness and training presentations to staff.
Communicating the importance and promoting awareness of information security to the business.
Assist the BISO in increasing business awareness of emerging security threats and risks.
Helping develop a security culture within the business.
Partnering with the different business control functions:
Assisting with information security compliance and risk assessment efforts,
Maintaining a balanced relationship with risk, compliance, and with internal and external audit functions,
Providing guidance for audit preparation and addressing audit findings;
Preparation of evidence artefacts relating to information security and cyber security matters.
Knowledge of technology, security and threat landscapes:
Staying abreast of emerging technologies, including security technologies,
Sustaining an in-depth knowledge of the cyber threat landscape,
Maintaining and constantly enriching knowledge of information security and cyber risks as they develop, being able to clearly and concisely demonstrate the appropriate countermeasures.
Remaining informed and knowledgeable on primary global data protection regulations and legislation
Experience and core skill requirements:
8-10 years minimum, 5 of those in a demonstrable Information Security GRC role
High performance in problem solving, innovating and critical thinking
Excellent written/verbal communication and stakeholder management skills
Ability to articulate ideas to both technical and non-technical audiences
Must be capable of working pragmatically in both a team and alone
Able to prioritise workloads efficiently and appropriately with minimal supervision
CISSP, CISM, CISA, CRISC, CCSP, CCSK, CEH
Working knowledge of: ISO27K, NIST, CIS, CSA STAR, CBEST, TIBER
People are at the heart of what we do and drive the success of our business. Our culture of connecting, creating opportunity and delivering excellence shapes how we think, how we do things and how we help our people fulfil their potential.
At LSEG we embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. We break down barriers and encourage collaboration, enabling innovation and rapid development of solutions that make a difference. Our workplace generates an enriching and rewarding experience for our people and customers alike. Our vision is to build an inclusive culture in which everyone feels driven to reach their potential.
We know that real personal growth cannot be achieved by simply climbing a career ladder – which is why we encourage and enable a wealth of avenues and interesting opportunities for everyone to broaden and deepen their skills and expertise.
LSEG are committed to supporting emotional, physical, financial and societal wellbeing. Our tailored benefits are a key part of this commitment and we offer colleagues a range of support from healthcare and retirement planning to paid volunteering days and consumer discounts.
We also make reasonable accommodations for applicants and employees with disabilities. If an accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please make your recruiter aware; we want to ensure you perform at your best.
As a global organisation spanning 70 countries and one rooted in a culture of growth, opportunity, diversity and innovation, LSEG is a place where everyone can grow, develop and fulfil their potential with purposeful careers.
Please take a moment to read this privacy notice (https://www.lseg.com/sites/default/files/content/documents/Global%20Applicant%20Privacy%20Policy%20Feb%202021.pdf) carefully, as it describes what personal information the London Stock Exchange Group (LSEG) (“We”) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject (https://privacyportalde-cdn.onetrust.com/dsarwebform/5f7a2da0-bed0-45e8-ac2c-c1f297e2efdc/4ae30ef5-8107-4353-a0b5-1bf34dd647f6.html).
If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.