Security Incident Manager

Job Description

At M&G our purpose is to help people manage and grow their savings and investments, responsibly. As a business, we are continuing to take steps towards a sustainable future, delivering better long-term solutions for our customers and clientsand identifying new opportunities to make a positive impact for our environment and communities . To help us achieve our vision were looking for exceptional people who live our values of care and integrity and who can inspire others; embrace change; deliverresults and keep it simple. We will consider flexible working arrangements for any of our roles and also offer work place accommodations to ensure you have what you need to effectively deliver in your role. The Security Incident Manager will support the effective management of the Security Incident Management Framework within the Security Operation areas. Security Incident response is an organised approach to addressing and managing the aftermath of a securitybreach or cyberattack. A key part to this role will be working closely with the business to coordinate Security Incident Management and to lead the regular Bronze Exercising. The role scope:

• Security Incident Management
• Lead and co-ordinate Security Incidents, ensuring containment is completed in a timely manner
• Maintain Security Incident and Bronze Frameworks & Processes
• Conduct Security Incident Post Incident Reviews (PIR), ensure strategic actions are documented and assigned appropriate owners and tracked to resolution
• Ensure the security of M&G systems, while considering business impact and ensuring the appropriate teams are engaged
• Track actions driven from a Security Incident to completion.
• Deliver and improve the maturity of security incident management control environment
• Proactively seek out potential security incidents i.e. problem management and drive action plan to resolution
• Lead and co-ordinate security service incidents within SecOps, ensuring security tools are operational in a timely manner
• Reducing the Cyber Risk Profile of M&G and ensuring cyber risk indicators are within tolerance/appetite
• Work with third parties to establish a core of experts to successfully deliver Cyber Resilience requirements

Personal attribute/skills: The role requires:

• Strong operational delivery capability, internally and via 3rd party providers
• Strong attention to detail and analytical skills
• Significant collaboration and stakeholder management across the M&G Plc organisation
• Coaching and developing team members and the business through sharing of experience and knowledge
• Getting the balance right between protection, detection, reaction and response to resilience issues
• Providing technical direction and guidance to other team members in order to deliver projects/tasks to the agreed scope and requirement, timescales and budget
• Building out and maintaining a professional network
• Leading work at sustained levels of high intensity, and inspire drive and resilience in others
• Proven experience of understanding and managing aspects of risk and resilience, including the quantification and reporting of risk in a business context
• Ability to meet regulatory commitments and expectations

Qualifications:

• Relevant certifications: CISSP / CISM / SANS / ITIL

Recruiter : Martyn Jack We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity,age, sexual orientation, nationality or disability we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.