Information Security Officer - Post Trade, LCH Ltd

  • London Stock Exchange Group
  • 30/05/2026
Full time Information Technology Telecommunications Cyber Security

Job Description

The purpose of this role is to assist the Director of Business Information Security (BISO) in all security matters relating to the oversight of Information and Cyber Security within the LCH Ltd. business line of LSEG's Post Trade division. The successful candidate will be charged with ensuring that the critical business systems and data assets of LCH Ltd. are adequately protected, and that all related information security and cyber controls remain effective and within risk appetite.

Key Responsibilities
  • Assisting in the oversight of Information Security by:
    • Reviewing and assessing the information security and cyber controls that enable LCH Ltd. to conduct its business in a secure manner, and performing gap analysis of those controls.
    • Overseeing InfoSec/Cyber-related control gap/risk remediation activities.
    • Monitoring and analysing the information security roadmaps, strategies, programmes, and projects, and identifying and reporting risks, trends and future opportunities for improvement.
    • Proactively engaging and working closely with technology and cyber teams that deliver services to the firm.
    • Attending risk and governance meetings to provide updates to LCH Ltd. stakeholders from the three lines of defence about the delivery and progress of strategic cyber initiatives.
    • Working with colleagues to define the current risk posture and collaborating to remediate identified risks/issues.
    • Engaging with external third-party service providers and working closely with internal oversight functions to ensure appropriate security levels are met.
    • Establishing and maintaining a Cyber Risk Profile of LCH Ltd. in line with other LSEG areas.
    • Assisting with the establishment and maintenance of a Risk Control Assessment (RCA) focused on InfoSec/Cyber risks and associated controls.
    • Maintaining key performance and risk indicators so that all management information accurately reflects the current control estate.
    • Providing accurate executive-level presentation materials that clearly present the current state of security controls.
    • Assessing security architecture designs and risk positions of projects and initiatives, and working with SMEs and design authorities to ensure compliance with policies, standards and design principles.
  • Engagement with the business to:
    • Develop an understanding of business goals and operational risks.
    • Identify key areas for improvement.
    • Support risk management decision processes and risk forums/committees.
    • Assist with the identification of emerging threats and the analysis to develop and oversee risk mitigation plans.
    • Build strong relationships with business units to understand security-related risks.
    • Work closely with governance stakeholders in all three lines of defence on matters of information security, cyber risk, data privacy, and regulatory considerations.
  • Embedding Cyber across the firm by:
    • Working with stakeholders to ensure compliance with LSEG policies, standards and procedures.
    • Constructively challenging established controls to recommend and accommodate continuous improvement.
    • Ensuring stakeholders understand their responsibilities in risk mitigation and remediation.
    • Monitoring industry information security trends and keeping leadership informed of issues that may affect the organisation or business functions.
  • Security Governance, Technical, and Risk Review:
    • Reviewing and documenting technologies and security controls across the firm, including office spaces, data centres and cloud.
    • Executing maturity assessments against standards such as NIST Cyber Security Framework, ISO27001/2, SOC2.
    • Reviewing projects and initiatives to assess appropriate levels of security design and controls.
    • Identifying technology and security risks, assessing and presenting risk scoring.
    • Producing risk remediation action plans and presenting risk posture to executive bodies.
    • Responding to regulatory and legislative matters.
    • Presenting complex cyber risk matters to clients and regulators.
  • Partnering with different business control functions:
    • Building knowledge of business units by assisting with security workloads, agendas and difficulties.
    • Maintaining balanced relationships with risk, compliance, legal, HR and audit functions.
  • Knowledge of technology, security, and threat landscapes:
    • Staying abreast of emerging technologies and security solutions.
    • Maintaining deep knowledge of the cyber threat landscape and evolving cyber risks.
    • Proposing and explaining appropriate cyber risk countermeasures clearly and concisely.
    • Remaining informed on global data protection regulations and legislation.
Experience and Core Skill Requirements
  • 10+ years of senior InfoSec management experience.
  • Extensive previous exposure to FS or FMI industry organisations.
  • High performance in problem solving, innovation and critical thinking.
  • Excellent written and verbal communication and stakeholder management skills.
  • Ability to articulate ideas to both technical and non-technical audiences.
  • Pragmatic and efficient working style, both independently and within a team.
  • Ability to prioritise workloads with minimal supervision.
  • Experience working in fast-paced, high-volume environments.
Must Have Security Certifications
  • CISSP
Desirable & Advantageous Certifications
  • CISSP ISSAP
  • CISSP ISSEP
  • CISM
  • CCSP
  • CCSK
  • CEH
Working Knowledge of Security Standards / Frameworks
  • ISO27K
  • ISF SOGP
  • NIST CSF
  • CIS
  • CSA STAR
  • CBEST
  • TIBER EU
  • SOC2

We are a proud equal opportunity employer. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.