Product Risk Assessment Lead - Cyber & Tech Risk

Application Health (AppHealth) is a new initiative to provide greater visibility and assessment to the Cyber and Technology Risk aspects of LSEG’s in-service application estate. This new role will be the Product Owner for AppHealth; including holding the vision, and driving the development of the Product and the overall capability, in conjunction with adjacent teams who deliver the engineering solution and the accompanying service provision.

This initiative is currently in the early stages of development after successful proofs of concept, with a defined future demand and enhancement runway and emerging target operating model. This includes both technology and greater alignment with the Group’s corporate planning function; providing insight and feedback on targeted risk reduction activity.

This role is within a broader Security Architecture team comprising both Secure Design and the Cyber Third Party Risk Management (TPRM) groups. Other teams within the Security Architecture function work with engineering teams; with a separate group delivering a formal control function for Security Architecture. An element of this role is to assist with connecting the outputs and outcomes of Application Health with these teams to enhance the Group’s overall security and technology risk posture.

Reports to: Director - Security Architecture

Key Relationships & Committees

• Senior Manager – Cyber TPRM
• Head of Cyber GRC (and team)
• Business Information Security Officers
• Security Domain Forum and other relevant Domain Fora
• Business Aligned Principal Security Architects
• Security Architecture Review Team
• CyberSecurity Engineering
• CyberSecurity Application Security Team
• Cloud Security Architecture
• Various cloud Communities of Practice

Key responsibilities

Critical Deliverables

• Build the AppHealth capability into the solution for the DORA periodic assessment requirement
• Build the service provision for AppHealth to support and accompany the software capability, including the correct level of assessment/assurance resulting from AppHealth survey submissions
• Developing and publishing core metrics for the AppHealth function and the outcomes of AppHealth surveys; providing appropriate output metrics to divisionally aligned engineering teams.
• Represent AppHealth and its results to senior stakeholders.

Product Owner

• Be the Product Owner for AppHealth and be the focal point for the overall vision and direction.
• Align the question set/responses, compliance and scoring capabilities, function, outcomes and robustness of AppHealth with the requirements of Key Controls managed by the Cyber GRC function, and align with other Group requirements such as uplift programme spend
• Seek, prioritise and act appropriately upon feedback provided on AppHealth; maintain appropriate traceability and progress tracking
• Be the go-to person for AppHealth, comfortable with speaking and presenting to a range of stakeholders from Application Owners through to senior Engineering leaders, and their teams.

Service Provision

• Drive the definition and delivery of the service provision accompanying AppHealth – working with accompanying teams to maximise effectiveness and efficiency of provision
• Develop appropriate, relevant documentation, for AppHealth’s broad range of stakeholders.

Reporting & MI

• Engage with Application Owners and their teams, Operational and Architecture leads, the BISO community to communicate the outcomes of AppHealth.

General

• Nurture technical practices in order to deliver technical excellence
• Foster and support experimentation and innovation in solving problems
• Manage third parties in their deliveries related to the domain area, as required
• Finances for the function and any product or services are accurately budgeted for and managed
• Provides company representation, internally and externally, related to the role, as needed.
• You will need to work closely with the managers of adjacent teams who lead the resource to develop and deliver the AppHealth software and overall service.
• Ensure correct resources allocated to deliver the function – working in conjunction with other managers

Impact

This is a group-wide role which is important to the ongoing management of cyber security and technology risks associated with business systems. Additionally, the role is key to providing actionable information, for our regulated entities related to cyber security and cyber resilience.

As well as being key to the security and technology risk posture of the groups systems, this role also delivers the ability to demonstrate to regulators, auditors and internal control functions that cyber security and technology risk assessment is being delivered for LSEG’s operational application estate.

Technical / job functional knowledge

• 7+ years of increasing responsibility in technical engineering or cyber security/technology risk roles, with an emphasis on cyber security experience.
• Proven experience in assessing and applying security controls into distributed systems (on premises and cloud)
• Thorough understanding of the latest security principles, risk mitigation techniques and protocols
• Able to determine how to pragmatically measure qualitative outcomes, and determine appropriate ranking and relevance to the Group
• Critical thinker
• Problem solving skills, ability to work under pressure and self-starter
• Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security.

Business and sector expertise

Preferred prior experience in the financial services and / or technology sector or other highly sector.

Leadership and management experience

• Experience in working across organisational boundaries to deliver Group-wide outcomes
• Experience with specialist individual contributors in technology domains.
• Inspiring and empowering a matrix team in the delivery of outcomes.
• Experience in working with remote team members
• Must have a collaborative work style ensuring that stakeholders are engaged in decision making processes.
• Highly adaptable and able to approach challenges differently to achieve goals.
• Must have a collaborative work style ensuring that stakeholders are engaged in decision making processes.

Join us and be part of a team that values innovation, quality, and continuous improvement. If you're ready to take your career to the next level and make a significant impact, we'd love to hear from you.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

You will be part of a collaborative and creative culture where we encourage new ideas. We are committed to sustainability across our global business and we are proud to partner with our customers to help them meet their sustainability objectives. Our charity, the LSEG Foundation provides charitable grants to community groups that help people access economic opportunities and build a secure future with financial independence. Colleagues can get involved through fundraising and volunteering.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.