Key responsibilities
- Handle regulatory assessments on behalf of the Tech and Cyber GRC for regulated entities and ensure all compliance matters are quality driven and centrally supported with policies and standards
- Lead the Governance of Technology and cyber related Internal Audit and External audit actions undertaken.
- Support the development and maintenance of central repository of Cybersecurity regulatory guidance aligned to NIST FSSCC and Cybersecurity Standards with workflow delivering timely evidence and responses to regulatory exams, questionnaires, and assessments.
- Run a centralised repository of Technology & Cyber audit & regulatory evidence and responses for re-use and with reporting.
- Responsible for maintaining a central repository of customer responses (RFI’s) to queries for Tech and Cyber.
- Engage partners in governance forums for awareness and resolve critical issues.
- Work closely with Compliance and second line of defence teams to ensure all regulatory and customer responses are addressed in a timely manner.
- Work with partners to ensure conformance with Regulatory, Company and Industry standards
- Reporting regular updates to relevant committees and management teams, including producing the required Metrics
Leadership responsibilities
- The team are in a state of growth, leadership will be required throughout the team to establish itself as a trusted risk partner.
Critical Outputs
- Ongoing and periodic regulatory and compliance responses and engagements
- Audit engagement management
- Audit and Assurance status reporting to Risk and Audit committees
- Responding to customer RFIs using standardised formats and frameworks
- Quality assurance on library of responses required for customer RFIs etc.
Impact
- This will be a high-profile role acting as an interface to the technology and cyber security team for all matters involving alignment to regulatory requirements, compliance and customer requests for information. This is an opportunity to become a trusted risk partner and to support the business with their Audit, Regulatory or Customer demands.
Technical / job functional knowledge
- Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
- Understanding of key regulatory requirements for technology and cyber security in the main LSEG operating centres – UK, Europe, US & Asia
- Cyber security qualification e.g. CISSP / CISM (desirable)
- Information Security auditing qualification e.g. CISA (desirable)
- Demonstrable working knowledge and understanding of key technology and cyber security controls such as Backup & Recovery, Change management, SDLC, Incident Management, Vulnerability Management, Identity & Access Management, Authentication and Authorisation systems, Data Protection, Application Security, Secure Application Development practices, Third-Party and Cloud security.
- IT and cybersecurity policies and standards
- Operational risk frameworks
- Regulatory compliance
- Technology resiliency
- Data protection
Business and sector expertise
- Financial Services
- Technology & Cyber Security
Leadership and management experience
- Not crucial but experience will be recognised, greater focus on work experiences and ability to engage and drive initiatives. There will be opportunity for cross team management to support different work streams, and development of the team but no direct line management responsibilities.
Personal skills and capabilities
- Critical thinking
- Objective analysis of poorly defined problems
- Proficient understanding of financial institutions and underlying business processes
- Regulatory and Audit engagement
- Partnership and influence
- Resource management
- Negotiation and Partner management
- Technological, organizational and/or operational change management
- Resolving Conflicts
LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.
Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.
Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.
LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.
We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.
Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.
If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.
