General
Job Title: Head of Information Security
Key Relationships: All IT, Compliance, Data Management, Risk Management, Commercial Management, Talent Management, General Management and Underwriting and Claims Operation Staff, Information Security Committee, Suppliers
Job Summary: Manages and develops the global Information Security function for the Group CISO in a regulated environment, with primary responsibility for IAM, Third Party Security Assurance, security policy development and enforcement, running security training and awareness for the business, and supporting security investigations.
Key Responsibilities:
- Manage the day-to-day operations for information security within the CISO office, including business-facing areas of security investigations, third-party security assurance, Identity and Access Management (IAM), cyber security training and awareness, policy development, and audit support.
- Manage the budget for Information Security vendors in support of the Group CISO budget requirements.
- Manage the procurement cycle for all Information Security vendors, including renewals and recommendations for new vendors.
- Ensure effective management of Information Security vendors, including oversight of outsourcing support and accurate data management and reporting.
- Develop effective operational processes for Information Security, ensuring smooth and effective functioning.
- Clearly define and communicate standards, objectives, and accountabilities to direct reports.
- Ensure Information Security controls are effectively in place, configured, and aligned to global strategy.
- Prepare timely status and progress reports on information security matters for the CISO.
- Prepare reporting for governance committees to communicate information security updates and maturity work.
- Act as a source of technical expertise, providing expert advice and guidance on information security for the business.
- Build strong relationships with internal stakeholders, demonstrating an understanding of their business and how information security adds value.
- Contribute to strategic security decisions through the development and implementation of appropriate systems and processes.
- Implement regular reviews for security policy updates, reflecting group risk appetite and ensuring compliance with applicable regulations.
- Lead and implement Information Security best practices in line with global security standards and regulations.
- Provide training and oversight to employees and third parties on proper information handling in accordance with established global information security policies.
- Analyze and report the group’s Information Security risks to the Security First Line Risk Manager and Group CISO.
- Develop Third Party Incident Response capability across the business.
- Assist with ensuring contracts and service agreements with third-party suppliers meet information security, data security, privacy, and breach notification requirements.
- Support compliance, risk, audit, and other teams as necessary to uphold Information Security accountability.
General:
- Projects and problems may require evening and weekend work, scheduled in advance where possible.
- Adopt the Beazley culture of Professionalism, Integrity, Effectiveness, and a Dynamic attitude promoting teamwork and a positive brand image.
- Comply with Beazley procedures, policies, and regulations relevant to your role.
- Uphold the Beazley principle of Treating Customers Fairly.
- Carry out additional responsibilities as notified through objectives or the learning management system.
Personal Specification:
Education and Qualifications:
- Educated to degree level, ideally in information systems, or equivalent work experience.
- Security Risk Management qualification/experience essential.
- Data Protection or equivalent qualification.
Skills and Abilities:
- Excellent written and oral communication skills.
- Ability to prioritize work and deliver results in a pressurized environment.
- Adept at internal and external stakeholder management, providing expert advice.
- Self-motivated with a results-driven approach.
- Ability to work collaboratively with diverse constituencies.
- Understanding of data management regulatory requirements in the UK, US, and globally.
- Trustworthiness and personal integrity.
- Ability to communicate technical concepts to technical and non-technical staff.
Knowledge and Experience:
- Proven experience in information security, managing multiple projects around third-party risk, security training, and policy development.
- Familiarity with data loss protection best practices.
- Strong background in third-party assurance, IAM, and security training.
- Risk management qualifications/experience.
- Experience in a regulated industry is essential.
- Financial services experience is desirable.
- Multi-country experience is desirable.
Aptitude and Disposition:
- Outcome-focused, self-motivated, flexible, and enthusiastic.
- Professional approach to interactions with managers, colleagues, and external suppliers.
Competencies:
- Technical expertise
- Conceptual thinking and problem-solving
- Effective resource planning and management
- Delivery orientation and initiative
- Purposeful communication and influence
- Team player
- Customer focus