The purpose of this role is to support the Director of Business Information Security (BISO) in the oversight of Information Security across LCH.
The role contributes to ensuring that LCH's critical business services, systems, and data assets are adequately protected, that information security and cyber controls are effective and operating within defined risk appetite, and that any identified gaps have appropriate and proportionate risk treatment plans in place.
The role will best suit an experienced Information Security Professional with experience gained from having previously operated within InfoSec/Cyber roles within the FS or FMI industries. The successful candidate must have subject matter expertise in Information Security, as the role demands a strong knowledge in all areas of information security and cyber security, as well as in-depth knowledge of legacy, existing, and emerging technologies including cloud and security technologies/controls. In addition, a prior background in information security engineering, security architecture, and security operations will be advantageous in this role given the various levels of stakeholders as well as the tech/cyber projects that the successful candidate will engage with daily.
Information Security & Cyber Oversight
- Support the oversight of Information Security and Cyber Security controls that enable LCH to operate securely and resiliently.
- Review and assess the design and operational effectiveness of security controls, identifying gaps, weaknesses, and improvement opportunities.
- Support the tracking, reporting, and follow-up of InfoSec and Cyber risk remediation actions.
- Monitor cyber-related roadmaps, programmes, and initiatives impacting LCH, identifying risks, dependencies, and areas requiring escalation.
Cyber & Technology Domain Knowledge
- Apply strong cyber and technology domain knowledge to understand, assess, and articulate security risks and control effectiveness across:
- Identity & Access Management (IAM) and Privileged Access Management (PAM)
- Infrastructure and platform technologies, including virtualised environments
- Vulnerability management tooling, prioritisation, and remediation approaches
- Cloud and SaaS security concepts, including shared responsibility models
- Secure Development Lifecycle (SDLC) principles and application security fundamentals
- Use this knowledge to engage credibly with technical specialists and translate technical issues into clear, risk-based insights for stakeholders.
Vulnerability & Risk Remediation
- Review vulnerability and security findings from enterprise tooling, dashboards, and assurance activities.
- Analyse trends and systemic risk themes across vulnerability and control findings.
- Coordinate with technology and engineering teams to support timely remediation of vulnerabilities, tracking progress and escalating delays or constraints as required.
- Support risk-based remediation and risk acceptance decisions in line with LCH and LSEG risk appetite.
Governance, Risk & Reporting
- Contribute to risk, security, and governance forums by providing accurate, evidence-based updates on cyber risk posture, remediation progress, and control effectiveness.
- Work with colleagues across the first, second, and third lines of defence to support a consistent and well-understood cyber risk posture for LCH.
- Support the development and maintenance of the LCH Cyber Risk Profile.
- Assist with Risk & Control Assessments (RCA) covering InfoSec and Cyber risks.
- Maintain key risk and performance indicators, ensuring management information accurately reflects the current control environment.
Engagement with the Business
- Develop and maintain a strong understanding of LCH business services, objectives, and operational risks, and how these influence cyber and information security risk.
- Identify key areas for improvement across cyber risk, control effectiveness, and governance.
- Support risk management decision-making, including contributions to relevant risk forums and governance committees.
- Assist with the identification of emerging cyber and information security threats, supporting analysis and mitigation planning.
- Build effective relationships across the business to gain a clear understanding of security-related risks and priorities.
- Work closely with stakeholders across the three lines of defence on information security, cyber risk, and data privacy matters, including regulatory and legislative considerations.
Stakeholder & Third-Party Engagement
- Work closely with LCH technology and cyber teams delivering infrastructure, platform, and application services.
- Engage with internal third-party oversight functions to support assurance over suppliers and service providers.
- Maintain effective working relationships with risk, compliance, legal, and audit functions.
Executive Communication
- Prepare and maintain clear, accurate executive-level materials that reflect the current security posture of LCH.
- Develop briefing papers, management updates, and presentations for senior stakeholders and governance committees.
- Confidently support senior leaders by stepping in to represent the function when required, delivering updates with minimal oversight.
- Communicate complex cyber risk matters in a clear, concise, and regulator-appropriate manner.
Knowledge of Technology, Security & Threat Landscapes
- Maintain awareness of emerging technologies and relevant security capabilities.
- Sustain a strong working understanding of the cyber threat landscape, particularly as it applies to Financial Market Infrastructure (FMI) organisations.
- Continuously develop knowledge of evolving cyber and information security risks.
- Contribute to the articulation of appropriate cyber risk mitigations, explaining effectiveness and limitations clearly.
- Maintain awareness of key global data protection and privacy regulations relevant to LCH.
- Operate with a high degree of autonomy, managing responsibilities with minimal day-to-day supervision.
- Bring a strong learning mindset and proactive attitude, actively seeking to broaden capability across cyber risk, controls, governance, and regulation.
Essential experience and skills required
- Experience in Information Security, Cyber Risk, Technology Risk, or Security Governance roles.
- Strong conceptual knowledge of:
- IAM / PAM
- Infrastructure and platform technologies
- Vulnerability management
- Cloud and SaaS security concepts
- SDLC principles
- Experience working with risk, controls, and governance processes.
- Excellent written and verbal communication skills.
- Ability to operate independently and prioritise effectively.
Desirable & Advantageous Certifications
Working Knowledge of Security Standards & Frameworks
- NIST Cyber Security Framework
- SOC 2
- CBEST / TIBER-EU
Career Stage
Senior Associate
LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.
We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.
#J-18808-Ljbffr