CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
In order to search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
At M&G our vision is: to become the best loved and most successful savings and investment business and we're looking for people who are excited about joining us on our journey. We're digitally transforming and investing heavily in technology and innovation to develop new and improved customer propositions that really raise the bar for our customers. To help us achieve our vision we're looking for exceptional people who live our values and behaviours and who can inspire others; embrace change; deliver results and keep it simple.
What you can expect from us: We are committed to creating an environment where you can be exceptional at all you do. To help us deliver this, we promise to:
Challenge Your Limits by creating a stimulating working environment and providing opportunities for you to be involved in meaningful and challenging work
Support Your Aspirations with a commitment to learning and development that helps you achieve and build your experience with people who want you to succeed
Value Your Input whereby leaders and managers will involve you in key decisions, listen to your thoughts and recognise the important contribution you make
Balance Your Life through a work life partnership that focuses on making this an inclusive, diverse and friendly place to work and offers the flexibility and support that enables everyone to be at their best
Enterprise Security is responsible for the provision of an Information Security management service to the business units within M&G Prudential. This role supports the delivery of that service in the Supply Chain Security pillar:
Consultancy , support and delivery of Supply Chain Security to all aspects of the M&G Prudential business
Systematic assessment of Supply Chain Security Risk in the business and development of appropriate strategies to manage this risk.
Ensuring that existing Enterprise Security Policy, Standards Process and Guidelines are consistently embedded and communicated across the business units, ensuring appropriate alignment with business need and providing effective and proactive mitigation of related risks to M&G Prudential.
Provision of specialist consultancy and advice on Supply Chain Security management to managers, project teams and infrastructure delivery teams (including provision of guidance on conformance with the legal aspects of information processing, e.g. GDPR, Computer Misuse Act etc).
Ensuring supply Chain Security requirements are embedded within all new architecture and infrastructure, working with Security Architecture, Project Management, Development teams and third parties to ensure the implementation of the required level of security functionality into all new products and services.
Managing elements of an ongoing programme of monitoring in order to demonstrate appropriate management of risk and compliance with policy.
Ensuring that technology and processes are well managed so that every effort is made to secure all customer and sensitive data held by M&G Prudential
Consultancy , support and delivery of Enterprise Security Projects
Overall ownership and leadership of significant, and complex, components of work relating to Enterprise Security, including risk assessments, system reviews and consultancy.
Development of Enterprise Security controls and guidelines, and the subsequent process of communication with the business.
Research, assessment and reporting of security vulnerabilities and recommending appropriate remedial actions.
Evaluation of Enterprise Security tools, products and solutions, and contributing to the decision process for their purchase and use.
Development of new ideas to contribute to the continued success of the department and the services provided.
Providing specialist advice and guidance to managers, project teams, infrastructure delivery team and Enterprise Security peers.
Promoting Enterprise Security awareness throughout the business.
Acting as an ambassador for Enterprise Security Management.
Participation with the Enterprise Security Architecture community, providing information security guidance and recommendations during the Enterprise Security planning process
Compliance – To ensure that you understand and adhere to Prudential's Code of Conduct and, where appropriate, comply with all relevant regulatory policies. This includes completion of any mandatory training requirements.
Financial Controls – Ensure all expenditure commitments (orders, contracts, budgets etc) and all payments are properly authorised, controlled and monitored, in accordance with Prudential UK delegated authority requirements. The responsibilities of expenditure authorisers are documented in the Prudential UK Financial Procedures Manual.
Performance Management – To ensure the delivery of People Management Pru and that all its processes and tools are fully utilised in managing your people.
Ensure Enterprise Security internal and external audits are effectively communicated and subsequent remedial activities are followed through to agreed actions
To demonstrate a positive risk, compliance and control culture through the identification, assessment, monitoring and management of risks and issues within the business area, alongside ensuring timely and appropriate resolution of control weaknesses, actions and failures that arise.
Head of Supply Chain Security,CISO Leadership Team (Senior Management Team), GRC, Risk and Audit, Business Unit Representatives for all M&G Prudential Business Areas, Risk, Strategic Procurement & Supply Chain,, Risk Coordinators.
All Supply Chain actors
Data Protection and Information Security industry bodies and members, audit and regulatory bodies.
You will have:
Demonstrable consultative and delivery skills in Information Security projects, work prioritisation and planning with the ability to analyse complex issues, recommending and implementing tools or solutions where appropriate.
Stakeholder Management demonstrating a 'can do' attitude; good relationship skills, able to effectively listen, communicate, challenge, influence and deal with people at all levels.
Experience in information management skills us, analysing the results of audits and reviews (performed by other functions) providing advice on acceptable risk, or risk mitigation strategies including the creation and implementation of controls and standards.
Knowledge on appropriate information security management and governance standards, e.g. ISO 27001, CoBIT, ISF Code of Practice. and/or financial services regulations relating to IT (e.g. SOX & Turnbull).
A thorough knowledge and understanding of information risk related legislation e.g. the GDPR , and Computer Misuse Act etc.
Experience and understanding of the information risk implications of Supply Chain relationships and the management strategies required.
Ability to manage investigations of confidential issues at all levels and to apply judgement as to how these are conducted and the actions arising from them, exercising absolute discretion.
Highly aware and experienced of working within the financial services regulatory environment (Specifically the FSA and ICO).
Excellent interpersonal skills.
Effective report writing and presentation skills.
Good negotiation and communicatio n skills.
Ability to work on own initiative.
Good project management and planning and delivery skills
Significant spread of skills in 3 to 5 specialist areas of IT/Security, security architecture design, security management, user awareness, risk assessment).
Knowledge of security investigation techniques, the rules of evidence and practical experience of computer forensics would be useful.
Good knowledge of networking (TCP/IP, and routing protocols)
Operational and/or implementation experience of various information security tools would be beneficial such as IAM, DLP (Data Loss Prevention), Endpoint Security, Mobile Device Management, Intrusion Prevention Platforms, GRC (Governance Risk and Compliance) Platforms and Database Security technologies
Qualifications such as CISSP, CISA, CISM Lead Auditor of equivalents would be advantageous
We live by four behaviours at M&G and we ask all our employees to:
Inspire Others - Support and encourage each other, creating an environment where everyone can contribute and succeed
Embrace Change - Be open to change, willing to be challenged and able to adapt quickly and imaginatively to new ideas
Deliver Results - Focus on outcomes, set high standards and deliver with energy and determination
Keep it Simple - Cut through complexity and bureaucracy, be clear and decisive and never overcomplicate things
At M&G Diversity and Inclusion is a strategic objective. We know that an inclusive environment makes us more accessible and ensures we attract, engage, promote and retain exceptional people. We welcome applications from all individuals regardless of age, gender/gender identity, sexual orientation, ethnicity/nationally, disability, or military service and welcome those who have taken career breaks. We will consider flexible working arrangements for any of our roles.