Senior Manager, Audit & Regulatory Governance - Technology

Provides Oversight and primary liaison for all Cybersecurity audit & regulatory engagements.

Key Responsibilities

• Take ownership of the first line cyber regulatory compliance function and ensure all compliance matters are quality driven and centrally supported with best practice
• Act as the point of contact for all cyber related Internal Audit and External audit actions undertaken.
• Responsible for developing and maintaining a central repository of Cybersecurity regulatory guidance aligned to NIST FSSCC and Cybersecurity Standards with workflow delivering timely evidence and responses to regulatory exams, questionnaires, and assessments.
• Develop a centralised repository of Cybersecurity audit & regulatory evidence and responses for re-use and with reporting.
• Responsible for developing and maintaining a combined (COMCO) central repository of customer responses (RFI’s) to NIST FSSCC with workflow delivering timely, consistent responses to RFIs.
• Develop a centralised repository of RFI responses for re-use and with reporting.
• Engage partners in governance forums for awareness and resolve critical issues.
• Work closely with Compliance and second line of defence teams to ensure all regulatory and customer responses are addressed in a timely manner.
• Oversight and management of direct reports required to deliver against LSEG’s regulatory and customer obligations.
• Work with senior stakeholder management to ensure conformance with Regulatory, Company and Industry standards
• Reporting regular updates to relevant committees and management teams, including producing the required Metrics

Leadership responsibilities

• The role is expected to motivate and lead a team of analysts and will be seen by stakeholders as a trusted partner in a 'high support and high challenge' relationship.
• Experience
• Understanding and working knowledge of control frameworks based on industry best practices such as NIST, COBIT, and ISO27001.
• Understanding of key regulatory requirements for technology and cyber security in the main LSEG operating centres
• Cyber security qualification e.g. CISSP / CISM (desirable)
• Information Security auditing qualification e.g. CISA (desirable)
• Demonstrable working knowledge and understanding of key cyber security controls such as Vulnerability Management, Identity & Access Management, Authentication and Authorisation systems, Data Protection, Application Security, Secure Application Development practices, Third-Party and Cloud security.
• Degree or Masters qualification in Cyber, Information Security or IT management (desirable)