LSEG (London Stock Exchange Group)

Lead, Security Controls Specialist, IAM

LSEG (London Stock Exchange Group)

full-time

Posted on:

Location Type: Office

Location: LondonUnited Kingdom

Visit company website

Explore more

AI Apply
Apply

Job Level

Senior

Tech Stack

AzureCloudCyber SecurityITSM

About the role

  • Lead the development, implementation, and continuous improvement of cybersecurity governance frameworks, policies, and standards.
  • Ensure alignment with regulatory requirements (e.g., ISO 27001, NIST, GDPR, SOX).
  • Drive policy adoption and compliance across business units and technology teams.
  • Own the end-to-end process for external cybersecurity and identity-related audits, including planning, coordination, evidence collection, and response to observations.
  • Act as the main point of contact for external auditors, regulators, and third-party assurance teams.
  • Support client audits and due diligence activities by articulating the organisation’s IAM architecture, controls, and operational processes.
  • Review and challenge audit evidence to ensure accuracy, completeness, and relevance.
  • Track and manage audit findings, ensuring timely remediation and closure.
  • Collaborate with internal teams to ensure audit readiness and continuous improvement of control environments.
  • Lead the strategic development and continuous improvement of IAM governance frameworks, ensuring alignment with enterprise security architecture and zero trust principles.
  • Define and enforce policies for identity lifecycle management, access provisioning/deprovisioning, and role engineering across hybrid environments (cloud/on-prem).
  • Oversee technical governance of PAM and IGA platforms, including integration with SIEM, ITSM, and HR systems.
  • Drive automation and analytics in IAM processes to improve efficiency, reduce risk, and support audit readiness.
  • Collaborate with IAM engineering and operations teams to ensure secure implementation of access controls, including API-level enforcement and dynamic access policies.
  • Establish and monitor IAM governance KPIs (e.g., access review completion rates, orphaned accounts, SoD violations) and report to senior leadership.
  • Oversee the design and effectiveness of cybersecurity controls across the organisation.
  • Conduct control assessments and gap analyses to identify areas of improvement.
  • Collaborate with internal teams to define and implement risk mitigation strategies.
  • Build strong relationships with internal and external stakeholders, including IT, Legal, Risk, Business Units, clients, auditors, and regulators.
  • Represent the IAM function in external forums, including regulatory reviews, client assurance meetings, and third-party risk assessments.
  • Provide clear, concise, and actionable reporting to senior leadership and governance committees.
  • Educate and influence stakeholders on cybersecurity governance, IAM architecture, and audit readiness.

Requirements

  • Proven experience (7+ years) in cybersecurity governance, risk, and audit within a complex enterprise environment.
  • Strong understanding of audit methodologies and regulatory frameworks (ISO 27001, NIST).
  • Deep technical understanding of IAM architecture, protocols (SAML, OAuth, OpenID Connect), and directory services (LDAP, AD, Azure AD).
  • Experience designing and implementing scalable IAM solutions in complex, multi-cloud environments.
  • Familiarity with identity threat detection and response capabilities.
  • Proven ability to translate business requirements into secure and compliant IAM solutions.
  • Demonstrated ability to manage external audits and confidently engage with auditors.
  • Experience reviewing and challenging technical and procedural evidence.
  • Strong knowledge of IAM principles and governance.
  • Hands-on experience with PAM solutions (BeyondTrust/CyberArk) and IGA platforms (e.g SailPoint).
  • Excellent communication and stakeholder management skills.
  • Strong analytical and problem-solving capabilities.
  • Relevant certifications (e.g., CISA, CISM, CRISC, CISSP) preferred.
Benefits
  • Competitive salary and benefits package.
  • Opportunity to shape and lead cybersecurity governance in a dynamic organisation.
  • Collaborative and inclusive work environment.
  • Professional development and certification support.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
cybersecurity governancerisk managementaudit methodologiesIAM architectureSAMLOAuthOpenID Connectdirectory servicesPAM solutionsIGA platforms
Soft skills
communicationstakeholder managementanalytical skillsproblem-solvingrelationship buildinginfluencingcollaborationleadershipreportingpolicy enforcement
Certifications
CISACISMCRISCCISSP