General
Job Title: Head of Information Security
Key Relationships: All IT, Compliance, Data Management, Risk Management, Commercial Management, Talent Management, General Management and Underwriting and Claims Operation Staff, Information Security Committee, Suppliers
Job Summary: Manages and develops the global Information Security function for the Group CISO in a regulated environment. The role is predominantly responsible for IAM, Third Party Security Assurance, security policy development and enforcement, running security training and awareness for the business, and supporting security investigations.
Key Responsibilities:
* Manage the day-to-day operations for information security within the CISO office, including business-facing areas of security investigations, third-party security assurance, Identity and Access Management (IAM), cyber security training and awareness, policy development, and audit support.
* Manage the budget for Information Security vendors in support of the Group CISO budget requirements.
* Manage the procurement cycle for all Information Security vendors, including renewals and recommendations for new vendors.
* Ensure effective management of Information Security vendors, including oversight of outsourcing support and accurate data management and reporting.
* Develop effective operational processes for Information Security, ensuring smooth and effective functioning.
* Clearly define and communicate standards, objectives, and accountabilities to direct reports.
* Ensure Information Security controls are effectively in place, configured, and aligned to global strategy.
* Prepare timely status and progress reports on information security matters for the CISO.
* Prepare reporting for governance committees to communicate information security updates and maturity work.
* Act as a source of technical expertise, providing expert advice and guidance on information security for the business.
* Build strong relationships with internal stakeholders, demonstrating an understanding of their business and how information security adds value.
* Contribute to strategic security decisions through the development and implementation of appropriate systems and processes.
* Implement regular reviews for security policy updates, reflecting group risk appetite and ensuring compliance with applicable regulations.
* Lead and implement Information Security best practices in line with global security standards and regulations.
* Provide training and oversight to employees and third parties on proper information handling in accordance with established global information security policies.
* Analyze and report the group’s Information Security risks to the Security First Line Risk Manager and Group CISO.
* Develop Third Party Incident Response capability across the business.
* Assist with ensuring contracts and service agreements with third-party suppliers meet information security, data security, privacy, and breach notification requirements.
* Support compliance, risk, audit, and other teams as necessary to uphold Information Security accountability.
General:
* Projects and problems may require evening and weekend work, scheduled in advance where possible.
* Adopt the Beazley culture of Professionalism, Integrity, Effectiveness, and a Dynamic attitude promoting teamwork and a positive brand image.
* Comply with Beazley procedures, policies, and regulations relevant to your role.
* Uphold the Beazley principle of Treating Customers Fairly.
* Carry out additional responsibilities as notified through objectives or the learning management system.
Personal Specification:
Education and Qualifications:
* Educated to degree level, ideally in information systems, or equivalent work experience.
* Security Risk Management qualification/experience essential.
* Data Protection or equivalent qualification.
Skills and Abilities:
* Excellent written and oral communication skills.
* Ability to prioritize work and deliver results in a pressurized environment.
* Adept at internal and external stakeholder management, providing expert advice.
* Self-motivated with a results-driven approach.
* Ability to work collaboratively with diverse constituencies.
* Understanding of data management regulatory requirements in the UK, US, and globally.
* Trustworthiness and personal integrity.
* Ability to communicate technical concepts to technical and non-technical staff.
Knowledge and Experience:
* Proven experience in information security, managing multiple projects around third-party risk, security training, and policy development.
* Familiarity with data loss protection best practices.
* Strong background in third-party assurance, IAM, and security training.
* Risk management qualifications/experience.
* Experience in a regulated industry is essential.
* Financial services experience is desirable.
* Multi-country experience is desirable.
Aptitude and Disposition:
* Outcome-focused, self-motivated, flexible, and enthusiastic.
* Professional approach to interactions with managers, colleagues, and external suppliers.
Competencies:
* Technical expertise
* Conceptual thinking and problem-solving
* Effective resource planning and management
* Delivery orientation and initiative
* Purposeful communication and influence
* Team player
* Customer focus