M&G plc

Cyber Risk Analyst

M&G plc

full-time

Posted on:

Location Type: Office

Location: EdinburghUnited Kingdom

Visit company website

Explore more

AI Apply
Apply

Tech Stack

AzureCloudCyber Security

About the role

  • Provide second-line oversight of first‑line cyber controls, assessing their design, implementation and effectiveness.
  • Identify and report cyber risks, supporting formal risk processes (RCSAs, assurance actions) to ensure timely closure.
  • Plan and manage second-line red team programmes and where required support regulatory or auditor testing (e.g., CBEST/FCA/PRA) to drive resilience improvements.
  • Plan and deliver second-line scheduled and ad‑hoc assurance testing (penetration, red team, vulnerability sampling) to validate first line remediation and control effectiveness.
  • Challenge first-line to track and drive remediation of findings from testing, reviews and incidents, ensuring clear remediation plans and closure.
  • Analyse first-line cyber processes and technical incident responses to identify gaps, root causes and pragmatic remedial actions.
  • Oversee cyber risk mitigation projects and control improvement initiatives to reduce exposure and strengthen defences.
  • Communicate risk findings and recommendations clearly to stakeholders, enabling timely, informed decision‑making.

Requirements

  • Experience in financial services, consulting or technology roles in cyber security or technology risk (essential)
  • Broad cyber security expertise: risk management, security architecture, engineering, threat intelligence, vulnerability management and incident response (essential)
  • Understanding of second-line assurance: risk taxonomy, appetite, KRIs and controls (essential)
  • Experience with red teaming, penetration testing or vulnerability scanning (essential)
  • Knowledge of enterprise security products and cloud (primarily Microsoft Azure) (essential)
  • Familiar with CI/CD, DevSecOps, SAST/security scanning and Agile ways of working
  • Comfortable with risk/issue tracking tools, risk reviews and clear stakeholder reporting
  • Able to produce gap analyses against policies/standards using industry best practice
  • Experience in SOC or incident response teams
  • Excellent report-writing and communication skills
  • Knowledge of national/international cybersecurity laws, regulations and ethics relevant to financial services
  • Able to work in diverse, multi-cultural teams with international exposure
  • Curious, analytical and pragmatic problem-solver
Benefits
  • Pension scheme of 18%
  • Share Save and Share Incentive Plan
  • Financial wellbeing and support services
  • 38 days annual leave including bank holidays
  • Opportunity to purchase up to 5 extra days
  • Time Off When You Need It policy
  • Comprehensive support and paid parental leave
  • Health & Protection cover including Private Healthcare, Critical Illness cover and Life Assurance for you, with family options
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
cyber risk managementsecurity architectureengineeringthreat intelligencevulnerability managementincident responsered teamingpenetration testingvulnerability scanninggap analysis
Soft Skills
communication skillsreport-writinganalytical problem-solvingstakeholder reportingcollaboration in diverse teamscuriositypragmatic approach