About BMS Group
BMS is a dynamic, independent, global broker established in 1980, delivering specialist insurance, reinsurance, and capital markets advisory services. We are a global brand with offices located across the US, Canada, Latin America, Australia, Europe and Asia with both a strong, local focus and understanding of market needs.
Our teams are respected globally for their specialist market knowledge, intelligent analysis and insight. Our people strive to be ‘the best in class’, and with their innovative approach and entrepreneurial thinking, our clients truly benefit from better solutions to policy development and placement.
Being independent makes a key difference to our clients, giving our brokers the freedom to deliver the best solutions, tailored to meet their business needs. Coupled with our collaborative team approach, single platform worldwide and renowned personal service, we are the independent broker of choice.
Summary of Position
This position will report to the Head of Security GRC & Deputy CISO as a senior member of the team. The role is expected to support day-to-day activities alongside other Security Specialists in the team whilst being able to step up and cover leadership responsibilities as and when required.
As a Senior Information Security Specialist, you will provide subject matter expertise in the design, implementation, and application of BMS information security systems, policies, and procedures. You will work closely with other IT professionals and specialist business units to ensure that the company's data is protected from Information Security threats.
Key Responsibilities & Accountabilities
Governance
- Support the Head of Security GRC & Deputy CISO with the development, alignment and implementation of an Information Security Strategy
- Development, review and alignment of Information Security Policy
- Support the development and delivery of an ongoing information security awareness programme
- Ensure InfoSec policies, procedures and standards are accessible, communicated and understood by staff, contractors and vendors. Where required this will include delivering training
- Attendance at relevant governance groups within BMS to ensure complete, transparent and effective risk management is delivered
- Consolidating information security audit actions and driving remediation and closure
- Producing management information (Dashboard) that clearly reflects BMS’s information security risk profile
- Act as an Information Security subject matter specialist to the business
- Establish mechanisms, behaviours and culture to encourage the protection of BMS information and information systems
Risk
- Management and maintenance of the Information Security Risk Register, ensuring risks are actively managed or exemptions are managed and recorded.
- Completion of InfoSec risk assessments and workshops.
- Ensuring that InfoSec risk governance and control frameworks are maintained and that risks/issues are reported and escalated appropriately.
- Review, challenge and track the implementation and effectiveness of controls and risk mitigation treatment plans as a result of a risk assessment
- Ensure appropriate management focus for any vulnerability that could damage the confidentiality, integrity or availability of BMS information or information systems.
- Track and record information security incidents and ensure that risk mitigation controls are appropriate and proportionate and that exposure is minimized.
- Support the Information Security Incident response process as required
- Facilitate a process of continuous improvement in the delivery of information security services to BMS
Compliance
- To track requirements and compliance with relevant legislation, regulations, standards and frameworks as they pertain to Information Security
- Measure the performance and compliance of key BMS controls which include (but are not limited to):
- Management and maintenance of a rolling 12-month compliance schedule
What we’re looking for
- Proven experience in Information Security GRC functions (10+ years) with senior roles held
- Leadership experience
- Cyber Risk expert (experience of multiple frameworks and standards)
- Able to work with technical and wider business colleagues in driving good business outcomes that align with business risk appetite
- Excellent writing and communication skills
- Significant experience and success in managing multiple issues, problems and work streams with a clear ability to prioritise
- Excellent understanding of general information security concepts and principles
- Exposure to cyber incident management frameworks and recovery concepts.
- Experience developing and maintaining written security controls, compliance monitoring, and defining treatment strategies.
- Expert knowledge of regulations and industry standards as applicable to the insurance sector (e.g. NIST Cybersecurity Framework, GDPR, DORA, SWIFT etc)
- Personally demonstrate the five BMS values and ensure that team members are aligned with these:
We put clients first
We work as one
We find a way
We sweat the details
We take ownership
What’s in it for me?
This is a permanent role, offering a competitive salary and bonus, 27 days holiday, plus access to our personalised benefits platform, Your Rewards, including:
- comprehensive private medical cover for you and your dependents
- complimentary annual health checks
- access to a virtual 24hr GP
- gym subsidy & dedicated wellbeing support
- retail discounts
- opportunity to purchase equity
- defined contribution pension
- extra day’s leave to celebrate your birthday
Through our Diversity, Equality and Inclusion (DEI) vision, we are committed to ‘building a culture of belonging for all, valuing diverse perspectives and embracing authenticity.’ As such, we have created our ‘BMS Together’ programme, with dedicated training, collaborative committees and intentional partnerships. In support of our ESG vision, we offer two additional paid days each year to take part in charitable work.
BMS offers flexible and hybrid working policies and we’re happy to discuss options with you upon application. Please let our team know if you require any adjustments to support you through the application process.