M&G plc

About the Company

M&G plc is a leading international savings and investments business, managing money for around 4.6 million individual clients and more than 900 institutional clients in 38 offices worldwide. As at 31 December 2024, we had PS345.9 billion of assets under management and administration. Our purpose is to give everyone real confidence to put their money to work.

With a heritage dating back more than 175 years, M&G plc has a long history of innovation in savings and investments, combining asset management and insurance expertise to offer a wide range of solutions. Our three distinct operating segments, Asset Management, Life and Wealth, work together to provide access to balanced, long-term investment and savings solutions.

Listed Jobs

Company Name

M&G plc

Job Title

Cyber Risk Consultant

Job Description

**Job Title:** Cyber Risk Consultant **Role Summary:** A subject matter expert in cybersecurity, providing second-line oversight of technology and cyber risk across an organization, ensuring robust risk mitigation and compliance with regulatory requirements. **Expectations:** Deliver independent cyber risk reviews, manage red team testing, and collaborate with cross-functional teams to evaluate and strengthen first-line controls and cybersecurity initiatives. **Key Responsibilities:** - Plan, execute, and oversee Red Team Cyber testing with third-party specialists. - Assess first-line security controls (e.g., SOC) and provide second-line evaluations of cybersecurity effectiveness. - Lead cyber risk appetite management and report performance against defined risk thresholds. - Provide second-line oversight of cyber threat intelligence processes and incident response planning. - Conduct risk-based sampling reviews to identify control gaps and recommend remediation. - Advise on regulatory compliance related to cybersecurity and support regulatory reporting. - Collaborate with Technology, Security, and business stakeholders to ensure alignment on risk strategy. - Line manage a Technology Risk professional. **Required Skills:** - Extensive knowledge of cybersecurity principles (risk management, threat intelligence, incident response). - Expertise in cybersecurity architecture, vulnerability management, and security engineering. - Proficiency in conducting cyber risk reviews and developing risk appetite frameworks. - Strong stakeholder management and communication skills for cross-functional collaboration. - Experience with AI-enhanced cybersecurity solutions and compliance with regulatory standards. - Ability to deliver actionable risk insights and lead complex reviews. **Required Education & Certifications:** - 12+ years of experience in cybersecurity or technology risk roles within financial services, consulting, or technology sectors. - Demonstrated expertise in enterprise cybersecurity technologies and control frameworks. - Experience defining and embedding cyber risk governance processes.

Edinburgh, United kingdom

Hybrid

Senior

28-09-2025