Vice President Enterprise Security (Data Security Engineer)
M&G
We are M&G Global Services Private Limited (formerly known as 10FA India Private Limited, and prior to that Prudential Global Services Private Limited). We are a fully owned subsidiary of the M&G group of companies, operating as a Global Capability Centre providing a range of value adding services to the Group since 2003.
Our purpose is to give everyone real confidence to put their money to work. With a heritage dating back more than 175 years, we have a long history of innovation in savings and investments, combining asset management and insurance expertise to offer a wide range of solutions.
Our two distinct operating segments, Asset Management and Life, work together to provide access to balanced, long-term investment and savings solutions.
M&G Global Services has rapidly transformed itself into a powerhouse of capability that is playing an important role in M&G’s ambition to be the best loved and most successful savings and investments company in the world.
Our diversified service offerings extending from Digital Services (Digital Engineering, AI, Advanced Analytics, RPA, and BI & Insights), Business Transformation, Management Consulting & Strategy, Finance, Actuarial, Quants, Research, Information Technology, Customer Service, Risk & Compliance and Audit provide our people with exciting career growth opportunities. Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity, we are creating an exceptional place to work for exceptional talent.
Primary Key Responsibilities (Top 3-5 KRA)
· Ownership of Encryption team delivery, including encryption controls and the PKI environment.
· Develop and deliver on the encryption strategy, ensuring the target operating model is delivered.
· Drive tasks to completion for efforts associated with Data Security and Data Protection projects and initiatives; where needed, lead associated task efforts for small groups.
· Ensure Data Security requirements are embedded within all new architecture and infrastructure, working with Security Architecture, Security Engineering, Project Management, Development teams and third parties to ensure the implementation of the required level of security functionality into all new products and services.
Additional Responsibilities:
- Understand the operating model of immediate business areas the team interfaces with.
- Own development of technical encryption standards and the oversight mechanisms for them.
- Manage supplier relationships and financial aspects of encryption.
- Embed automation throughout the encryption lifecycle.
- Development of new ideas to contribute to the continued success of the department and the services provided.
- Define, configure and test complex configurations to enable DLP policy implementations through various on premises and SaaS solutions.
- Build and strengthen technical controls for protection against data exfiltration.
- Ensure that existing Enterprise Security Policy, Standards, Procedures and Guidelines are consistently embedded and communicated across the business units, ensuring appropriate alignment with business needs and providing effective and proactive mitigation of related risks to M&G.
- Manage elements of an ongoing programme of monitoring in order to demonstrate appropriate management of risk and compliance with policy.
- Help define DLP rules and policies for the new cloud access security broker (CASB) environment.
- Work closely with other areas of Cyber Security to deliver comprehensive security capabilities. These groups include, but are not limited to, Cloud Security, SOC and Data Life Cycle Management.
- Support troubleshooting activities and provide SME support to production support teams in stabilizing DLP systems and performing root cause analysis.
- Coordinate and prepare technical documentation for new/upgraded systems or components.
- Ensuring that technology and processes are well managed so that every effort is made to secure all customer and sensitive data held by M&G.
- Evaluation of Enterprise Security tools, products and solutions, and contributing to the decision process for their purchase and use.
- Demonstrable consultative and delivery skills in Information Security projects, work prioritisation, resource allocation, budgeting and planning, with the ability to analyse complex issues, recommending and implementing tools or solutions where appropriate.
- Ability to manage investigations of confidential issues at all levels and to apply judgement as to how these are conducted and the actions arising from them, exercising absolute discretion.
- Build and maintain a network of contacts, both internally in the M&G organisation, and externally in the security industry.
- Build strong relationships within Enterprise Security, ensuring that strong business management disciplines are embedded into the wider security operational capability.
Knowledge:
- CISSP, CISM, SSCP, Security+, CCSP, ITIL qualified, CISA, CEH, Microsoft DLP, MDCA certifications or equivalents would be advantageous.
- Knowledge of appropriate information security management and governance standards, e.g. ISO 27001, SoGP, CoBIT, ISF Code of Practice, and/or financial services regulations relating to IT (e.g. AAF, FSA).
- A thorough knowledge and understanding of information risk related legislation, e.g. the GDPR and the Computer Misuse Act, and worldwide equivalents.
- Knowledge of Cryptographic implementations, IRM, AIP, Access control, Security Operations.
- Commercial awareness.
- An understanding of key information security risks posed and ability to develop pragmatic options to mitigate these.
- Knowledge of security investigation techniques, the rules of evidence and practical experience of computer forensics would be useful.
- Knowledge of Data Protection, Data Governance, or data lifecycle methodologies and concepts.
- Knowledge of data architecture, database technologies, and cloud computing will be desirable.
Skills:
- Ability to assess multiple options (including consequences) in parallel, while working on possible solutions.
- Work well in team environments with internal and external resources, as well as work independently on tasks (specialist areas of IT/Security, security architecture design, security management, user awareness, risk assessment).
- Problem solving and analytical skills (should have proven ability to analyse both technical/non-technical data, translate it and present practical solutions).
- Strong organizational and time management skills.
- Effective report writing and presentation skills.
- Good negotiation, influencing and communication skills.
- Ability to work on own initiative.
- Excellent organizational, interpersonal, and project management skills.
- The ability to assist with analysis of complex issues and deliver appropriate solutions that manage customer and business requirements.
- The ability to assist with managing confidential investigations, maintaining confidentiality. Ability to apply sound judgement, using legislative knowledge to advise actions.
- The ability to review reports and assist in the creation of reports.
- Ability to understand organisational culture and use this knowledge to gain commitment and get work done.
- Remains calm under pressure.
- Accepts and drives change.
- Ability and confidence to challenge responses provided if necessary.
- Is self-motivated, self-disciplined, proactive and is an independent ‘self-starter’.
- Is able to adopt a pragmatic approach to issues.
- Is energised, keen and efficient.
- Is creative in maintaining focus on service improvement and efficiencies.
- Has a high attention to detail but at the same time has the ability to present information in a clear and concise format.
- Ability to operate in an ambiguous situation, providing clarity and direction where required.
- Ability to both work independently on tasks with minimal supervision and collaborate effectively in a geographically diverse team environment.
- Able to work unsociable hours where required, i.e. to manage an incident. Cope effectively with times when there are competing demands on time.
- Allocate high priority to customer satisfaction at all times.
- Demonstrates drive & enthusiasm.
- Stakeholder Management demonstrating a ‘can do’ attitude; good relationship skills, able to effectively listen, communicate, challenge, influence and deal with people at all levels.
- The ability to negotiate with and influence stakeholders in relation to assessments and contracts, and an understanding of the importance of this.
Experience:
- Experienced in working with UK stakeholders.
- 10+ years' experience working with Cybersecurity DLP, data classification or incident response (SOC) toolsets – Forcepoint, Proofpoint, Symantec, McAfee solutions for endpoint DLP, CASB, and/or email security gateways.
- 5+ years of Technology experience – system administration, application development, system integration, database design/development, etc. with an understanding of Boolean logic, Regular Expressions and/or SQL.
- In-depth knowledge of PKI principles and practices, including certificate authorities, key management, and digital signatures. Expertise in cryptographic protocols.
- Proficiency in implementing and managing PKI infrastructure components such as certificate services, registration authorities, and certificate revocation lists.
- Threat Intelligence administration experience; have used or implemented the above program in some capacity, understanding incident response, analysis, rules, etc.
- Coding/Scripting experience (e.g. Python, Perl, PowerShell).
- Proven experience with creating Regular Expressions.
- Experience in information management skills, analysing the results of audits and reviews (performed by other functions) providing advice on acceptable risk, or risk mitigation strategies including the creation and implementation of controls and standards.
- Experience with data and business requirements gathering/analysis and translation to technology execution.
- Experience with SharePoint, Archer, ServiceNow, and/or Agile - a plus.
- Strong track record for dealing well with ambiguity, prioritizing needs, and delivering measurable results in an agile, fast-paced environment.
Educational Qualification:
- Graduate / Masters (BE / B.Tech / M.Tech / ME / B.Sc) in Computer Science / Information Technology, MCA, or a legal-related qualification demonstrating significant application of data protection laws and rules.
We have a diverse workforce and an inclusive culture at M&G Global Services. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.