We are M&G Global Services Private Limited (formerly known as 10FA India Private Limited, and prior to that Prudential Global Services Private Limited). We are a fully owned subsidiary of the M&G group of companies, operating as a Global Capability Centre providing a range of value adding services to the Group since 2003.
Our purpose is to give everyone real confidence to put their money to work. With a heritage dating back more than 175 years, we have a long history of innovation in savings and investments, combining asset management and insurance expertise to offer a wide range of solutions.
Our two distinct operating segments, Asset Management and Life, work together to provide access to balanced, long-term investment and savings solutions.
M&G Global Services has rapidly transformed itself into a powerhouse of capability that is playing an important role in M&G’s ambition to be the best loved and most successful savings and investments company in the world.
Our diversified service offerings extending from Digital Services (Digital Engineering, AI, Advanced Analytics, RPA, and BI & Insights), Business Transformation, Management Consulting & Strategy, Finance, Actuarial, Quants, Research, Information Technology, Customer Service, Risk & Compliance and Audit provide our people with exciting career growth opportunities. Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.
Primary Key Responsibilities (Top 3-5 KRA)
- For technical specialists, accountable for delivering expert advice or service, using specialist knowledge and subject matter expertise.
- Systematic assessment of Supply Chain Security Risk in the business and development of appropriate strategies to manage this risk.
- Ensuring that existing Enterprise Security Policy, Standards Process and Guidelines are consistently embedded and communicated across the business units, ensuring appropriate alignment with business need and providing effective and proactive mitigation of related risks to M&G.
- Provision of specialist consultancy and advice on Supply Chain Security management to managers, project teams and infrastructure delivery teams (including provision of guidance on conformance with the legal aspects of information processing, e.g. GDPR, Computer Misuse Act etc).
- Ensuring supply Chain Security requirements are embedded within all new architecture and infrastructure, working with Security Architecture, Project Management, Development teams and third parties to ensure the implementation of the required level of security functionality into all new products and services.
Additional Responsibilities :
- Evaluation of Enterprise Security & Privacy tools, products and solutions, and contributing to the decision process for their purchase and use.
- To support development, definition and operation of controls to manage information security risks.
- Development of new ideas to contribute to the continued success of the department and the services provided.
- Providing specialist advice and guidance to managers, project teams, infrastructure delivery team and Enterprise Security & Privacy peers.
- To work with internal and external teams to ensure that appropriate levels of security functionality are in place.
- To identify, analyse and mitigate the risks inherent in working with other organizations as part of a Supply Chain Security.
- Ensure Enterprise Security & Privacy internal and external audits are effectively communicated and subsequent remedial activities are followed through to agreed actions
- Assist in management of security incidents relating to Supply Chain.
- Moderate the annual review and update of information security related policies and processes.
- Stay up-to-date on information technology trends and security standards.
- Conduct trainings to educate and develop security awareness in the workforce on information security
- Provide guidance on associated regulations & legislations.
- Research & assess information security vulnerabilities.
- Acting as an ambassador for Enterprise Security Management.
- Compliance – To ensure that you understand and adhere to M&G’s Code of Conduct and, where appropriate, comply with all relevant regulatory policies. This includes completion of any mandatory training requirements.
- To demonstrate a positive risk, compliance and control culture through the identification, assessment, monitoring and management of risks and issues within the business area, alongside ensuring timely and appropriate resolution of control weaknesses, actions and failures that arise.
Key Stakeholder Management
Internal
- Head of Supply Chain Security
- CISO Leadership Team (Senior Management Team)
- Technology teams
- First line GRC
- Risk and IA
- Business Unit Representatives for all Business Areas
- Procurement & Third Party Risk team
- Privacy team
External
- External Supplier
- Data Protection and Information Security industry bodies and members and auditors.
Knowledge, Skills, Experience & Educational Qualification
Knowledge:
- Qualifications such as CISSP, CISA, CISM Lead Auditor of equivalents would be advantageous
- Working knowledge of financial services regulatory and legislative frameworks.
- Working knowledge of Information Security regulations and legislation.
- It is desirable to have working knowledge of industry best practice and external bodies in the same field.
- It is desirable to have working knowledge of information security management and governance standards.
- It is desirable to have working knowledge of third party relationships and the associated information security risks.
- Knowledge of security investigation techniques, the rules of evidence and practical experience of computer forensics would be useful.
- A thorough knowledge and understanding of information risk related legislation e.g. the GDPR, and Computer Misuse Act etc.
- Knowledge on appropriate information security management and governance standards, e.g. ISO 27001, CoBIT, ISF Code of Practice. and/or financial services regulations relating to IT (e.g. AAF, FSA).
- Broad knowledge of business conducted within M&G, including M&G Global Services India.
Skills:
- Excellent analytical and multi-tasking skills.
- Able to look at and understand processes and infrastructure.
- Good understanding in information security methodologies, frameworks and tools
- Have the ability to drive initiatives through cross functional teams and drive alignment with key stakeholder
- Good understanding of supply chain management, risk management principles and application of mitigating measures to reduce risks
- Ability to build relationships at all levels in the business.
- Ability to present reports in meetings.
- Ability to understand organisational culture and use this knowledge to gain commitment and get work done.
- Ability to provide support to and accept direction from colleagues in other areas.
- Remain effective in situations when responsibilities, tasks, priorities and / or work environment change significantly.
- Ability to assess multiple options (including consequences) in parallel, while working on possible solutions.
- Ability to work with limited supervision, seeking guidance where appropriate.
- Confident communicator, able to get the message across clearly and concisely via appropriate channels, whether verbal or written.
Experience:
- 7+ years experience of working or studying in at least one of the following areas: IT / information security / risk management / audit / assurance / supplier management/ Application security/ Cloud security.
- Experienced in working with UK stakeholders.
- Experience and understanding of the information risk implications of Supply Chain relationships and the management strategies required
Educational Qualification:
- Graduate in any discipline.
We have a diverse workforce and an inclusive culture at M&G Global Services, regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.
