Business Information Security Officer
At M&GPrudential our vision is: to become the best loved and most successful savings and investment business and we're looking for people who are excited about joining us on our journey. We're digitally transforming and investing heavily in technology and innovation to develop new and improved customer propositions that really raise the bar for our customers. To help us achieve our vision we're looking for exceptional people who live our values and behaviours and who can inspire others; embrace change; deliver results and keep it simple.
What you can expect from us:
We are committed to creating an environment where you can be exceptional at all you do. To help us deliver this, we promise to:
- Challenge Your Limits by creating a stimulating working environment and providing opportunities for you to be involved in meaningful and challenging work
- Support Your Aspirations with a commitment to learning and development that helps you achieve and build your experience with people who want you to succeed
- Value Your Input whereby leaders and managers will involve you in key decisions, listen to your thoughts and recognise the important contribution you make
- Balance Your Life through a work life partnership that focuses on making this an inclusive, diverse and friendly place to work and offers the flexibility and support that enables everyone to be at their best
The BISO leads delivery of information security services to their aligned business unit(s), providing bi-directional communication between the Enterprise Security and business unit senior leadership teams.
Working closely with the business unit senior leadership, including direct interface with executive stakeholders, the BISO advises them on information security matters and communicates security risks effectively and in terms that are meaningful to the business audience.
The BISO has a deep understanding of the key assets and processes of their aligned business unit(s) and works with the aligned business unit IT Directors to ensure that IT services are delivered in a way which maintains the security of those assets and processes.
The BISO is additionally accountable for conveying business unit needs relating to information security into the CISO organisation to enable strategic alignment of information security activity.
To succeed in the role, the BISO will require an expert-level understanding of information security, along with the ability to communicate technical matters in terms that are meaningful to a non-technical audience. Expert stakeholder management and influencing skills are required to achieve the right outcomes for the business.
• To lead by developing an understanding of business goals in order to constructively engage senior business leadership on information security, establishing improvement opportunities and driving good risk decisions.
• To lead, conveying business unit needs related to information security to the CISO and CISO team, enabling alignment of the M&G Prudential UK information security strategy to business unit objectives.
• To lead the delivery of information security services to their aligned business unit(s), with accountability to the business unit IT Director(s) and business unit senior leadership team for all aspects of information security.
• To advise business unit senior leadership and technology teams on information security matters, communicating security risks effectively and in terms that are meaningful to the business.
• To advise the business on emerging information security threats and allow exploration of opportunities enabled by security innovation.
• To operate oversight of all information security activities and programmes for the business unit.
You will have:
• Expert level knowledge of information security domains
• Expert level knowledge in information security threats and technology developments and implementation of new technology solutions
• Expert level knowledge of security-related business risk
• Detailed knowledge of health of business unit information security programme
• Detailed knowledge of business unit IT strategy and objectives
• Working knowledge of the regulatory regimes pertaining to the organisation and our business unit customers
• Working knowledge of business unit strategy and objectives
• Experience of working with executive level stakeholders
• Experience of risk management / governance within a regulated environment (ideally FS)
• Experience of leadership with an information security remit
• Experience of setting information security strategy in a changing environment
• Experience of delivering cultural change
• Professional information security qualification, e.g. CISM, CISSP (S)
• Management qualification, e.g. MBA (Desirable)
At M&GPrudential Diversity and Inclusion is a strategic objective. We know that an inclusive environment makes us more accessible and ensures we attract, engage, promote and retain exceptional people. We welcome applications from all individuals regardless of age, gender/gender identity, sexual orientation, ethnicity/nationally, disability, or military service and welcome those who have taken career breaks. We will consider flexible working arrangements for any of our roles.