Address
SalaryI'm delighted to be partnering a global Insurance group to appoint a Business Information Security Officer based in London City. This is a rare and exceptional opportunity for a technical "hands on" and strategic InfoSec leader with experience in data protection, third party risk, operational resilience and implementation of security measures. Someone with project management, delivery and expertise in complex regulatory and contractual requirements.
Client Details
A leading global re/Insurance Group comprising distinct businesses covering various Insurance and Reinsurance service offerings across a well-established international customer base. This is a highly compelling Insurance brand with a rich history and deep expertise operating across Lloyd's, UK, European and global markets. This role sits within their successful and growing reinsurance business with a syndicate in the Lloyd's of London market supporting a diverse client portfolio with complex re/insurance needs.
Description
About the role
The Business Information Security Officer (BISO) plays a pivotal role in bridging the gap between business objectives, cybersecurity and data protection strategy focusing on excellence in protecting, detecting, resolving, mitigating, recovering and learning from potential security exposures.
Key Responsibilities
Direct, embed Information Security and Data Protection Strategy:
- Assess and set the strategy to achieve and maintain appropriate infoSec practices, controls, resilience, risk identification and responses across Tech and Data
- Determine, adopt, embed and assess the infoSec framework and certification appropriate to our organisation and markets considering new laws, standards, NIST, ISO27001, CIS, CQUEST etc)
- Define and execute the cyber strategy, prioritising short, medium and long-term investment considering resilience and risk factors
- Work with stakeholders to assess impact of new projects, solutions, partnerships and regulations to security and data protection posture and support implementation
- Lead and collaborate across the group to ensure uniformity in cybersecurity policies and practices
Protect, Detect, Respond, Recover, Improve Management:
- Lead on horizon scanning for security threats, vulnerabilities and mitigations across the estate and data
- Lead cyber and Data Protection testing for compliance and vulnerability aligning to operational resilience, continuity management and other reg requirements
- Ensure security content training initiatives are conducted regularly and communicated effectively
- Develop standards and assess risks of third-party relationships on posture and data protection, advising and monitoring
Leadership and Advocacy:
- Work with the business to incorporate security-by-design principles into projects, architecture, infrastructure, and applications.
- Collaborate to establish and embed infoSec and data protection standards, resilience, response and recovery capabilities to improve posture within risk tolerances
Profile
Looking for a proven and forward-thinking Information Security leader who has demonstrable experience leading on development of cyber security and data protection maturity within global, complex and highly regulated organisations. This role is initially a lead individual contributor role with scope for growth.
Skills and experience
- Experience in financial services and preferably Insurance/ Lloyd's market
- Knowledge of national and global cybersecurity policies, regulations, and frameworks.
- Expertise in data protection practices, third party assessment and operational resilience
- Expertise in complex regulatory and contractual requirements and an ability to create effective compliance systems
- Extensive experience in cybersecurity technology project management and actively promotes and manages security change throughout an organisation
- Proven working with IT systems, security and governance to align with control frameworks, incident management, operations and application of security best-practices.
- Familiar with vendor security risk and data protection reviews and controls
- Understanding the different Certification such as CISSP, CISM, CRISC, or CISA preferred
- Experience in building response and recovery capabilities.
- Excellent written and verbal communication skills, with the ability to engage stakeholders at all levels.
- Strong understanding of business processes and the ability to integrate cybersecurity seamlessly.
Job Offer
Opportunity to join a leading global re/insurance firm in this Business Information Security Officer Role:Competitive Basic Salary
Performance Related Discretionary Bonus
Flexible and Rewarding Pension
28 days leave + buy / sell option
Hybrid Working in premium London, City office
