Employer: M&G Investments
Location : London
Reference : 281015JP
Closing date : 18/03/2016
Employment type : Permanent
M&G Investments is Prudential plc’s UK based fund management business and is one of Europe’s leading active asset managers with more than £256.5 billion* of funds under management across fixed income, equity, property and multi-asset strategies.
-*as at 30 June 2015
Purpose
The Security Operations Manager will be responsible for setting the agenda and managing the majority of the IRM team’s first-line information security activities, including identity and access management.
Note: This is not a Security Operations Centre role.
Specific activity:
General
• Manage and set the agenda for Security Operations. This will involve setting objectives and undertaking staff performance assessments.
• Manage the Security Operations service in line with service management principles. This includes maintaining the service catalogue, the procedures manual and any other supporting documentation as required.
• Provide operational input and feedback to information risk staff when security policies, standards, and procedures are created or modified.
Identity and Access Management (IAM)
• Provide leadership and coordination for all of the Group’s IAM activity.
• Establish strategy and standards covering people, process and technology.
• Monitor the activity and controls operated by the IT provisioning teams, access requestors and HR staff maintaining identity data.
• Design and manage the Group’s system authorisation, access catalogue and role based access models. This will include processes for on-boarding of new systems.
• Manage the recertification of access rights.
• Ensure data quality within the IAMs system and monitor the overall health of the system.
• Provide the necessary support and training in use of the IAMs system.
• Contribute to the development of the IAMs software platform and roadmap.
Security Monitoring
• Maintain and enhance all of the Group’s first line security event monitoring and response procedures, ensuring that tasks align with risk mitigation and are completed in a thorough and timely manner. This will involve events reported from data loss prevention software as well as those reported by the separate Security Operations Centre.
• In accordance with relevant subject matter experts, define and document security procedures and configurations and then monitor, manage and review exceptions.
Advice and Guidance
Provide an effective first line security support and advice for management and staff.
Security Incidents and Breaches
Be the focal point for security investigations and forensic investigations, utilising subject matters experts where appropriate. Handle the engagement with management, HR, Legal and Group Functions as required.
Other
• Facilitate, support or lead security projects, improvements and proof of concepts, drawing in relevant subject matter experts and business staff as required.
• Provide a support and administrative service for the IRM team. This includes completion of existing activities such as staff training programmes and management of the Group’s “customer data driving licence programme”, but it will also involve developing new procedures and processes.
• Developing and producing service and security MI and presenting this to management.
Experience:
The successful candidate is likely to have:
• significant experience and a proven track record in the management of information risk and security operations;
• experience in service management;
• excellent stakeholder management skills, able to communicate and articulate risks to both technical personnel and senior management;
• held a senior identity and access position;
• strong people management skills;
• technical experience of IAMs software and a strong understanding of related business processes;
• technical experience of GRC software and a strong understanding of related business processes;
• the capability to add value to business activity by developing and continuing to enhance processes in a pragmatic manner.
• relevant industry certifications (CISSP, CISM, ITIL, etc).
M&G is an equal opportunities employer and welcomes applications from a diverse background.
Apply for job
