Data Security Risk Consultant

Date: 15 Apr 2025

Location: Edinburgh, GB

Company: Royal London Group

Job Title: Cyber & Data Security Risk Consultant

Contract Type: Permanent

Location: Edinburgh / Alderley Park

Working style: Hybrid 50% home/office based

About the Role:

Are you passionate about cyber security and data protection? Do you have a knack for identifying and managing risks? If so, we have the perfect opportunity for you! As a Cyber & Data Security Risk Consultant, you will play a crucial role in advising the Board and senior management on strategic planning and decision-making. You will independently oversee and challenge the Group's strategic and business risk profiles, provide formal independent opinions on significant risks, and monitor Group-wide risk exposures compared to risk appetite. This role operates within the 2nd line of defence in GR&C, focusing on risk management and compliance. While 2nd line experience is not essential, a background in risk management is highly beneficial.

Your responsibilities will include:

1. Conducting risk-based independent assurance, facilitating risk management activities, promoting strong risk culture and behaviours, and supporting risk-related communication and management information flows across the Group.
2. Overseeing processes and mechanisms to identify, record, assess, manage, and report Information and Cyber Security related risks.

About You:

1. Solid understanding or willingness to gain knowledge of the Royal London Group business vision, values, and strategy, as well as the wider industry.
2. Ideally a degree in Computer Science, Information Technology, or a related field.
3. Experience in cybersecurity, preferably within financial services.
4. Relevant professional certifications such as CISSP, CISM, CDPSE, CDMP, CRISC, CompTIA Security+, and GIAC Security Essentials.
5. Strong technical skills in cybersecurity domains such as IAM, Application and Endpoint Security, Security Operations, and Incident Response.
6. Experience in Data Security and Data Privacy, including knowledge of data protection regulations (e.g., GDPR, CCPA), data encryption, secure data storage, and privacy impact assessments.
7. Deep understanding of Information Risk Management processes to protect information assets, maintain regulatory compliance, meet operational resilience objectives, and deliver outcomes for customers, regulators, and the business.
8. Ability to work independently and as part of a team.

About Royal London:

We're the UK's largest mutual life, pensions and investment company, offering protection, long-term savings, and asset management products and services.

Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable, and fulfilling. This is underpinned by our Spirit of Royal London values; Empowered, Trustworthy, Collaborate, Achieve.

We're an Inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected - whatever their background.