Job Title: Head of Information Security
Key Relationships: All IT, Compliance, Data Management, Risk Management, Commercial Management, Talent Management, General Management and Underwriting and Claims Operation Staff, Information Security Committee, Suppliers
Job Summary: Manages and develops the global Information Security function for the Group CISO in a regulated environment, with primary responsibility for IAM, Third Party Security Assurance, security policy development and enforcement, running security training and awareness for the business, and supporting security investigations.
Key Responsibilities:
* Manage the day-to-day operations for information security within the CISO office, including business-facing areas of security investigations, third party security assurance, Identity and Access Management (IAM), cyber security training and awareness, policy development, and audit support; among other responsibilities delegated from the CISO.
* Manage the budget for Information Security vendors in support of the Group CISO budget requirements.
* Manage the procurement cycle for all Information Security vendors on behalf of the Group CISO, including renewals and recommendations for new vendors.
* Ensure effective management of Information Security vendors, including day-to-day oversight of any outsourcing support, data management and ingestion from the vendors, accurate reporting sourced from the vendor, and effective implementation of quarterly business reviews.
* Develop effective consistent operational processes for Information Security, ensuring smooth and effective functioning.
* Ensure standards, objectives, and accountabilities are clearly defined and communicated to direct reports.
* Ensure Information Security controls are effectively in place, configured, and aligned to global strategy.
* Ensure timely status and progress reporting of information security matters to the CISO.
* Prepare reporting for governance committees to ensure clear communication of information security updates and maturity work.
* Ensure the department acts as a source of technical expertise, providing expert advice and guidance on information security for the business.
* Build strong relationships with internal stakeholders, demonstrating a thorough understanding of their business and how information security adds value and strengthens security at Beazley.
* Contribute to strategic decisions of security through the development, introduction, and implementation of appropriate systems and processes.
* Implement a regular cadence of reviews for security policy updates, reflecting group risk appetite and ensuring compliance with applicable regulations.
* Lead, develop, manage, and implement Information Security best practices in line with global security standards and regulations.
* Provide direct training and oversight to employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information handling in accordance with established global organizational information security policies and procedures.
* Ensure that the group’s Information Security risks are consistently analyzed and reported to the Security First Line Risk Manager and Group CISO.
* Lead and develop Third Party Incident Response capability across the business.
* Assist with ensuring that contracts and service agreements with third party suppliers, cover holders, and program administrators meet information security, data security, privacy, and breach notification requirements.
* Support the business in ensuring they meet Information Security Policy standards.
* Assist IT in monitoring internal control systems to ensure appropriate access levels are maintained, which may involve tool development and procurement to support the controls environment.
* Provide support to compliance, risk, audit, and other teams as necessary to support Information Security accountability for the business; likely to include external audits and regulatory meetings.
General:
* As normal in an IT operational environment, projects and problems may demand evening and weekend working, scheduled in advance as far as possible.
* Adopt the Beazley culture of Professionalism, Integrity, Effectiveness, and a Dynamic attitude that contributes to an internal environment of teamwork and promotes a positive brand image to our external customers.
* Comply with Beazley procedures, policies, and regulations relevant to your role. Undertake relevant training on Beazley policies and procedures as delivered by your line manager, the Talent Management development team, or the assurance teams (compliance, risk, internal audit), either directly, via e-learning, or through the learning management system.
* Comply with any specific responsibilities necessary for your role as outlined by your line manager, ensuring you keep up to date with developments in these areas.
* Ensure that you uphold the Beazley principle of Treating Customers Fairly.
* Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system.
Personal Specification:
Education and Qualifications:
* Degree level educated - ideally in information systems, or equivalent work experience.
* Security Risk Management qualification/experience essential.
* Data Protection or equivalent qualification.
Skills and Abilities:
* Excellent written and oral communications skills.
* The ability to prioritize work and deliver results in a pressurized environment, through tactical and strategic planning.
* Adept at significant internal and external stakeholder management, providing expert advice which demonstrates judgment and an understanding of Information Security standards in a regulated environment.
* Self-motivation, with an ability to work with a high degree of autonomy and to be results-driven with a flexible approach to working.
* The ability to work collaboratively with a broad range of constituencies.
* An understanding of the various data management regulatory requirements that Beazley is subject to, in the UK, the US, and around the world.
* An unblemished career history holding positions requiring trustworthiness and personal integrity.
* The ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management.
Knowledge and Experience:
* Proven experience in information security, particularly managing multiple projects around third party supply chain risk, security training and awareness, access management assurance, and security policy development.
* Awareness of data loss protection best practices to support the enhancement and enforcement of these at Beazley in support of the DLP manager.
* A strong background in third party assurance, IAM, Security Training and Awareness, and Policy development is essential for success in this role.
* Risk management qualifications/experience to ensure effective management of Information Security controls.
* Experience in a regulated industry is essential.
* Financial services experience is highly desirable, but not required.
* Multi-country experience (i.e., beyond UK, ideally including US) is highly desirable, but not essential.
Aptitude and Disposition:
* Outcome focused, self-motivated, flexible, and enthusiastic.
* Professional approach to successfully interact with managers/colleagues/external suppliers.
Competencies:
* Technical expertise
* Conceptual thinking and problem solving
* Planning and managing resources effectively
* Delivery orientation, initiative, and drive
* Purposeful communication and capacity to influence others
* Team player
* Customer focus