Cyber Risk Analyst

Stirling - UK

Monthly Salary: Not Disclosed

Posted on: 4 days ago

Vacancies: 1 Vacancy

Job Summary

Our purpose is to give everyone real confidence to put their money to work. With a heritage dating back more than 175 years we have a long history of innovation in savings and investments combining asset management and insurance expertise to offer a wide range of solutions.

Our two distinct operating segments Asset Management and Life work together to provide access to balanced long-term investment and savings solutions.

Through telling it like it is owning it now and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.

We will consider flexible working arrangements for any of our roles and also offer work place accommodations to ensure you have what you need to effectively deliver in your role.

Context:

The Cyber Risk Analyst reports to the Lead Cyber Risk Consultant and is part of the Technology Risk Team which forms part of the Second Line of Defence in the Non-Financial Risk function.

The Cyber Risk Analyst will support the Lead Cyber Risk Consultant in providing independent second-line oversight of first-line cyber security across M&G plc. You will be a subject matter expert who:

Evaluates challenges and supports first-line with controls across areas such as Threat Intelligence Vulnerability Management Security Engineering Application & Cloud Security SOC and Security Awareness.
Plans Red Team testing and manages stakeholder engagement and remediation follow up.
Plans and can perform (where appropriate) scheduled and ad hoc cyber assurance testing to validate remediation and investigate concerns.
Provides specialist cyber and technology risk advice to the Non-Financial Risk team.
This role sits within Risk & Compliance and focuses on delivering clear independent insight to support informed decision-making.

Key Responsibilities:

The key responsibilities of this role are to support the delivery of second line cyber risk oversight of first line cyber security. This involves:

Provide second-line oversight of firstline cyber controls assessing their design implementation and effectiveness.
Identify and report cyber risks supporting formal risk processes (RCSAs assurance actions) to ensure timely closure.
Plan and manage second-line red team programmes and where required support regulatory or auditor testing (e.g. CBEST/FCA/PRA) to drive resilience improvements.
Plan and deliver second-line scheduled and adhoc assurance testing (penetration red team vulnerability sampling) to validate first line remediation and control effectiveness.
Challenge first-line to track and drive remediation of findings from testing reviews and incidents ensuring clear remediation plans and closure.
Analyse first-line cyber processes and technical incident responses to identify gaps root causes and pragmatic remedial actions.
Oversee cyber risk mitigation projects and control improvement initiatives to reduce exposure and strengthen defences.
Communicate risk findings and recommendations clearly to stakeholders enabling timely informed decisionmaking.

Key Knowledge Skills & Experience:

Experience in financial services consulting or technology roles in cyber security or technology risk (essential)
Broad cyber security expertise: risk management security architecture engineering threat intelligence vulnerability management and incident response (essential)
Understanding of second-line assurance: risk taxonomy appetite KRIs and controls (essential)
Experience with red teaming penetration testing or vulnerability scanning (essential)
Knowledge of enterprise security products and cloud (primarily Microsoft Azure) (essential)
Familiar with CI/CD DevSecOps SAST/security scanning and Agile ways of working
Comfortable with risk/issue tracking tools risk reviews and clear stakeholder reporting
Able to produce gap analyses against policies/standards using industry best practice
Experience in SOC or incident response teams
Excellent report-writing and communication skills
Knowledge of national/international cybersecurity laws regulations and ethics relevant to financial services
Able to work in diverse multi-cultural teams with international exposure
Curious analytical and pragmatic problem-solver

Preferred Education and Professional Qualifications:

Degree (BSc MSc or equivalent) in Cyber Security Computer Science Engineering or a related discipline.
Relevant certifications in cyber security and cloud: CISSP CISM CCSP OSCP GPEN GCIH GCIA CPSA CRT CCT (or equivalent).

Experience Level: Experienced Colleague

Recruiter: Helen Simons

What we offer:

At M&G were committed to helping you thrive and supporting your wellbeing both at work and beyond. Our benefits are designed to help you balance your professional and personal life while planning confidently for your future. Our UK benefits include:

As a savings and Investments firm we are proud to offer a valuable pension scheme of 18% with 13% made up of Employer Contributions and 5% Employee Contributions. We also offer Share Save and our Share Incentive Plan together with access to financial wellbeing and support services - to help give you real confidence to put your money to work.
Enjoy 38 days annual leave including bank holidays with the opportunity to purchase up to 5 extra days and additional flexibility through our Time Off When You Need It policy to balance your work and personal commitments.
Our market leading Inspiring Families policy includes comprehensive support and paid parental leave covering maternity adoption surrogacy and paternity leave - as supporting families is a core aspect of our inclusive culture.
Health & Protection cover including Private Healthcare Critical Illness cover and Life Assurance for you with family options - for peace of mind.

To explore more about life at M&G and our full benefits offering visit Life at M&G

We have a diverse workforce and an inclusive culture at M&G underpinned by our policies and our employee-led networks who provide networking opportunities advice and support for the diverse communities our colleagues represent. Regardless of gender ethnicity age sexual orientation nationality disability or long term condition we are looking to attract promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.

M&G is also proud to be a Disability Confident Leader and we welcome applications from candidates with long-term health conditions disabilities or neuro-divergent conditions.

Ifyou need assistanceor an alternative means of applying for a role due to a disability or additional needpleaselet usknow by contacting us at:

Required Experience: