Information Security Lead

those teams receive timely and consistent advice Ensuring compliance with wider organisational security requirements in your domain, creating a single integrated approach that is compatible with DevSecOps practices across your product team Compiling and presenting security-related reports on your domain for the wider organisation, working with DevSecOps Engineers to automate as needed, ensuring the department is transparent about its security performance and timely in delivering that information Providing, in conjunction with Security Architects, expert guidance on risk assessment and mitigation in your domain, enabling product teams to make the right choices to protect L&G's data Supporting the Information Security Manager in promoting a strong security culture across product teams in your domain, empowering and supporting DevOps Engineers to maximise the security elements of their role Qualifications Who we're looking for: Knowledge of AWS Security principles including, The Information Security Lead will bridge the gap between L&G's security organization and product teams, ensuring security advice is transposed into actionable initiatives. This role involves adapting security frameworks for DevSecOps and ensuring compliance with organizational security requirements.

AWS Security Principles, AWS Platform Security, AWS Compliance, DevSecOps, Policy-as-Code, Security Testing Automation, CISSP, CCSP, Microsoft Certified Security Engineer, Security Trends, Cloud Ops, Risk Assessment, Mitigation, Security Culture, DevOps, Automation, best practice and architecture patterns for secure Cloud Ops Proven experience implementing AWS platform security and controls in a fast-moving product-based environment Experience with implementing and managing AWS Compliance using native tools like Microsoft Defender and AWS, as well as third party CSPM tools like Wiz/Orca Security Experience in a DevSecOps environment including policy-as-code and security testing automation using CI/CD tools including GitHub, Terraform and Veracode Relevant security-related qualification, e.g. CISSP, CCSP, MS Certified Security Engineer, or other relevant industry certification Up-to-date knowledge of security trends, tools and frameworks applicable to a DevSecOps environment Up-to-date knowledge of security trends, tools and frameworks applicable to a DevSecOps environment Whatever your role, we reward performance and behaviour with a package that looks after all the things that are important to you. Here are some of the benefits

we offer: The opportunity to participate in our annual, performance -related bonus plan and valuable share schemes Generous pension contribution Life assurance Healthcare Plan (permanent employees only) At least 25 days holiday, plus public holidays, 26 days after 2 years' service. There's also the option to buy and sell holiday Competitive family leave Participate in our electric car scheme, which offers employees the option to hire a brand-new electric car through tax efficient salary sacrifice (permanent employees only) There are the many discounts we offer - both for our own products and at a range of high street stores and online In 2023, some of our workspaces were redesigned. Our offices are great spaces to connect and collaborate and have your wellbeing at the heart Additional Information At L&G, we believe it's possible to generate positive returns today while helping to build a better future for all. If you join us, you'll be part of a welcoming, inclusive culture, with opportunities to collaborate with people of diverse backgrounds, views, and experiences. Guided by leaders with integrity who care about your future and wellbeing. Empowered through initiatives which support people to develop their careers and excel. We care passionately about outcomes rather than attendance and are therefore open to discussing all kinds of flexible working options including part-time, term-time and job shares. Although some roles have limited flexibility due to customer demand, we accommodate requests when we can. It doesn't matter if you don't meet every single criterion in this advert. Instead, think about what you excel at and what else you can bring in terms of strengths, potential and connection to our purpose.

Company Description Legal & General (L&G) is a leading UK financial services group and major global investor. We've been safeguarding people's financial futures since 1836, and strive to build a better society, while improving the lives of our customers and creating value for shareholders. We are one of the world's largest asset managers and provide powerful asset origination capabilities. Together, these underpin our retirement and protection solutions: we are an international player in pension risk transfer, in UK and US life insurance, and in UK workplace pensions and retirement income. Our Group Functions provide the services that all areas of the business need. This requires a talented and diverse team behind the scenes, who enable everyone at L&G to do what they do best. Joining us means helping to improve the lives of our customers and contributing to the success of the business every day. Job Description We're looking for an Information Security Lead to join us - you'll play a key role to bridge the gap between L&G's wider security organisation and the dynamic, fast-moving demands of product and service teams spanning various major engineering domains (e.g. Microsoft Azure, AWS). This role is specifically against the AWS domain to support our product team build and operate a robust and secure AWS Cloud Platform for consumption by the wider business. What you'll be doing: Transposing security advice, standards, and guidelines from the wider L&G security organisation into initiatives compatible with fast-moving, highly automated product development teams within your domain of responsibility Adapting a tailored information security framework so relevant controls can be easily incorporated into the DevSecOps lifecycle for product teams in your domain, simplifying the process of compliance for those teams Acting as a conduit for security knowledge, threat intelligence and enquiries between the information security team and product teams in your domain, ensuring