This job is brought to you by Jobs/Redefined, the UK's leading over-50s age inclusive jobs board.
Job Title: Head of Information Security
Key Relationships: All IT, Compliance, Data Management, Risk Management, Commercial Management, Talent Management, General Management and Underwriting and Claims Operation Staff, Information Security Committee, Suppliers
Job Summary: Manages and develops the global Information Security function for the Group CISO in a regulated environment - being predominantly responsible for IAM, Third Party Security Assurance, security policy development and enforcement, running security training and awareness for the business and supporting security investigations.
Key Responsibilities:
- Manage the day-to-day operations for information security within the CISO office, including security investigations, third party security assurance, Identity and Access Management (IAM), cyber security training and awareness, policy development, audit support, and other responsibilities delegated from the CISO.
- Manage the budget for Information Security vendors in support of the Group CISO budget requirements.
- Manage the procurement cycle for all Information Security vendors on behalf of the Group CISO, including renewals and recommendations for new vendors.
- Ensure effective management of Information Security vendors, including oversight of outsourcing support, data management, and quarterly business reviews.
- Develop effective operational processes for Information Security, ensuring smooth and effective functioning.
- Ensure standards, objectives, and accountabilities are clearly defined and communicated to direct reports.
- Ensure Information Security controls are effectively in place, configured, and aligned to global strategy.
- Ensure timely status and progress reporting of information security matters to the CISO.
- Prepare reporting for governance committees to ensure clear communication of information security updates and maturity work.
- Act as a source of technical expertise, providing expert advice and guidance on information security for the business.
- Build strong relationships with internal stakeholders, demonstrating a thorough understanding of their business and how information security adds value.
- Contribute to strategic security decisions through the development and implementation of appropriate systems and processes.
- Implement regular reviews for security policy updates, reflecting group risk appetite and ensuring compliance with regulations.
- Lead and develop Information Security best practices in line with global security standards and regulations.
- Provide training and oversight to employees and partners on information handling per global organizational policies.
- Analyze and report the group's Information Security risks to the Security First Line Risk Manager and Group CISO.
- Develop Third Party Incident Response capability across the business.
- Assist with ensuring contracts with third-party suppliers meet information security, data security, and privacy requirements.
- Support the Group CISO in ensuring compliance with Information Security Policy standards.
- Assist IT in monitoring internal control systems to maintain appropriate access levels.
- Support compliance, risk, audit, and other teams to uphold Information Security accountability.
General:
- Projects and problems may require evening and weekend work, scheduled in advance.
- Adopt the Beazley culture of Professionalism, Integrity, Effectiveness, and Dynamic attitude.
- Comply with Beazley procedures, policies, and regulations relevant to your role.
- Uphold the Beazley principle of Treating Customers Fairly.
- Carry out additional responsibilities as notified through objectives or the learning management system.
Personal Specification:
Education and Qualifications:
- Educated to degree level, ideally in information systems, or equivalent work experience.
- Security Risk Management qualification/experience essential.
- Data Protection or equivalent qualification.
Skills and Abilities:
- Excellent written and oral communication skills.
- The ability to prioritize work and deliver results in a pressurized environment.
- Adept at internal and external stakeholder management, providing expert advice.
- Self-motivated with a flexible approach to working.
- Ability to work collaboratively with a broad range of constituencies.
- Understanding of data management regulatory requirements in the UK, US, and globally.
- Unblemished career history requiring trustworthiness and integrity.
- Ability to communicate technical concepts to both technical and non-technical staff.
Knowledge and Experience:
- Proven experience in information security, particularly managing multiple projects.
- Awareness of data loss protection best practices.
- Strong background in third party assurance, IAM, and policy development.
- Risk management qualifications/experience for effective management of Information Security controls.
- Experience in a regulated industry is essential.
- Financial services experience is highly desirable.
- Multi-country experience is desirable but not essential.
Aptitude and Disposition:
- Outcome focused, self-motivated, flexible, and enthusiastic.
- Professional approach to interacting with managers, colleagues, and external suppliers.
Competencies:
- Technical expertise
- Conceptual thinking and problem solving
- Planning and managing resources effectively
- Delivery orientation, initiative, and drive
- Purposeful communication and capacity to influence others
- Team player
- Customer focus