Principal Security Engineer

Employer: LSEG Romania
Domain:
  • Internet - eCommerce
  • IT Hardware
  • IT Software
Job type: full-time
Job level: 1 - 5 years of experience
Location: BUCHAREST
Updated at: 23.09.2023
Job remote: On-site


    Role Purpose

    Managing the strategy, architecture, engineering and control ownership of cyber capabilities and infrastructure defences. Protects the group from cyber threats which seek to impact the confidentiality, integrity, and availability of group assets. Domain area is Platform, Storage & Collaboration Security.

    Reports to

    Senior Manager, Platform Security

    Direct reports

    No direct FTE reports.

    May manage contingents and vendor/partner resources in their deliveries.

    Key relationships & committees

    Stakeholders include the wider security team, including security architecture, the cyber strategy business function, governance, risk and compliance, and the global security operations centre. Programme management. Entity level Business Information Security Officers (BISOs). Infrastructure & Cloud operations, engineering and architecture teams. Internal risk and audit functions. Architecture and corporate approval forums. External stakeholders: partners/vendors, regulators and industry schemes.

    Responsibilities

    Working in cooperation with Platform, Storage and Collaboration IT teams across the organisation to engineer security controls & further embed security best practices across said environments.

    Investigating and analysing complex technology environments. Understanding current security posture then planning & delivering on the solutions and processes required to bring change and improvement.

    Owning controls related to the domain and ensuring they remain effective throughout their lifecycle.

    Remain current with principles, concepts and emerging technologies related to the role.
    Influence vendor roadmaps and functionality in support of LSEG objectives.

    Deliver required outcomes for the security programmes and investments. Help define the delivery outcomes and milestones with the programme teams.

    Develop and own the strategies, architectures, designs, and associated artefacts for the domain area. Technologies have clear roadmaps and lifecycles defined.

    Manage third parties in their deliveries related to the domain area.

    Leadership responsibilities

    This role is an individual contributor and leads no FTE headcount. The role holder may be asked to deputise for the Senior Manager during any period of absence.

    Expected to manage and direct the engagement of contingent workers, either contractors or partner resources, where flex resourcing is required.

    Critical deliverables

    Delivery of activities against agreed cyber security strategies. Shapes project delivery with the project management team and the senior manager of the domain area.

    Delivery of key artefacts associated with the role; these artefacts support evidencing and assurance activities.

    Ongoing control operation and effectiveness and evidencing of such.

    Reporting, development and management of agreed measures, key performance indicators and key risk indicators.

    Management of services delivered to the group by vendors and partners.

    Impact

    As a group level function the role has impact across all parts of the business as it has responsibility for the relevant group security controls which seek to mitigate the risk and impact to the group from cyber-attacks. Impacts include financial, economic, regulatory, customer and brand.

    The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience.

    Key KPIs

    Delivery of projects and BAU activities within agreed timescales to the required standard.

    Issues that are identified are fixed and remain fixed and are not recurring.

    Key artefacts for the activities performed by the role exist, are accurate and of required standard.

    Agreed measures related to controls owned by the role, for example Key Risk Indicators, are delivered and managed.

    Technical / job functional knowledge

    Knowledge and experience in Platform, Storage & Collaboration Security. Operating system platforms include Windows, Linux, Unix, Mac & Mobile Devices. Network attached storage and storage area networks. Level of knowledge in the domain technology area would be considered an expert in at least two areas of the wide scope.

    Ability to communicate clearly and concisely with business and technical colleagues. Excellent verbal, written and documentation writing skills. Able to read through and understand design documentation, write design documentation, runbooks etc.

    Thorough, in depth understanding of End User Compute (EUC) security best practices, both for Physical and Virtual environments.

    Experience with workstation & server management platforms such as SCCM, Intune, Citrix etc.

    Experience managing Endpoint Privilege Management controls.

    Knowledge and experience of cloud delivered SaaS and IaaS services such as M365, secure email gateways, Intune and so on.

    Strong understanding of Windows Server and Active Directory security best practices.

    Experience securing Linux Operating systems is desirable.

    Architecture and engineering of layered control capabilities.

    Adversary Tools, Techniques and Procedures. A deep understanding of TTPs is required.
    Threat Modelling experience.

    Broad technology and security knowledge across non-core domain area.

    Structured and methodical troubleshooting practices for resolving the most complex problems.

    Policies, standards, and security frameworks (NIST, CIS).
    Risk and control, management, monitoring and reporting.

    Experience of project management and service management as it relates to the delivery of services for the domain area.

    The role holder works independently and with guidance only in the most complex of situations. The role holder is expected to solve problems with sound judgement and in a way that is aligned to good practice and in the long-term interests of the organisation.

    The role holder is likely to hold one or more of the following security or engineering/architecture specific certifications: CISSP, OSCP, TOGAF, GIAC or those relevant to the role/domain area.

    Business and sector expertise

    Experience and knowledge of technology in financial services and/or regulated environments and industry compliance schemes (for example SWIFT) preferred.

    Must have significant experience of working in security focussed roles. Likely will have greater than 5 years full time in security roles as part of an overall career in technology in excess of 10 years focussed predominantly in the domain area for the role. Expected to have direct hands-on experience in some of the domain area technologies.

    Leadership and management experience

    Managing non-FTE delivery from contingent and/or partner/vendor resources.

    Experience in advocating for and influencing change in order to reach best outcome based on the needs of the organisation, stakeholders and from monitoring industry trends.

    Mentoring and guiding those at earlier career stages to grow the competence and experience of the team.

    Collaborating across the group to deliver successful sustainable outcomes for the group and its stakeholders.

    Delivering feedback in a way useful for an individual and a team for growth.

    Adapts messaging and presentation styles to the needs of different audiences.

    Is measured and considered in challenging and high-pressure situations. Is clear and, when necessary, assertive in directing what needs to happen.

    Diversity & Inclusion

    People are at the heart of what we do and drive the success of our business. Our colleagues thrive personally and professionally through our shared values of Integrity, Partnership, Innovation and Excellence, which are at the core of our culture. We embrace diversity and actively seek to attract people with unique backgrounds and perspectives. We are always looking at ways to become more agile, so we meet the needs of our teams and customers. We believe that an inclusive collaborative workplace is pivotal to our success and supports the potential and growth of all colleagues at LSEG.

    At LSEG, we believe that creating a diverse and inclusive organisation is fundamental to the way we deliver on our promise of creating essential partnerships and open opportunities. Our open culture is central to how we deliver our purpose - driving financial stability, empowering economies and enabling customers to create sustainable growth - in everything we do.

    Working with us means that you will be part of a dynamic organisation of 25,000 people across 70 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

    LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

    We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as any mental health or physical disability needs.

    Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it's used for, and how it's obtained, your rights and how to contact us as a data subject.

    If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.