General
Job Title: Head of Information Security
Key Relationships: All IT, Compliance, Data Management, Risk Management, Commercial Management, Talent Management, General Management and Underwriting and Claims Operation Staff, Information Security Committee, Suppliers
Job Summary: Manages and develops the global Information Security function for the Group CISO in a regulated environment - being predominantly responsible for IAM, Third Party Security Assurance, security policy development and enforcement, running security training and awareness for the business and supporting security investigations.
Key Responsibilities:
- Manage the day to day operations for information security within the CISO office, to include the business facing areas of security investigations, third party security assurance, Identity and Access Management (IAM), cyber security training and awareness, policy development, audit support; among other responsibilities delegated from the CISO.
- Manage the budget for Information Security vendors in support of the Group CISO budget requirements.
- Manage the procurement cycle for all Information Security vendors on behalf of the Group CISO, including renewals and recommendations for new vendors.
- Ensure effective management of Information Security vendors, including day-to-day overview of any outsourcing support, and ensuring that data management and ingestion from the vendors is accurate, reporting is sourced from the vendor, and quarterly business reviews are implemented effectively.
- Develop effective consistent operational processes for Information Security, ensuring its smooth and effective functioning.
- Ensure standards, objectives and accountabilities are clearly defined and communicated to direct reports.
- Ensure Information Security controls are effectively in place, configured and aligned to global strategy.
- Ensure that status and progress reporting on information security matters is delivered to the CISO in a timely manner.
- Prepare reporting for governance committees to ensure clear communication of information security updates and maturity work.
- Ensure that the department acts as a source of technical expertise, providing expert advice and guidance on information security for the business.
- Build a strong relationship with internal stakeholders, demonstrating a thorough understanding of their business and how information security adds value and strengthens security at Beazley.
- Contribute to the strategic decisions of security through the development, introduction and implementation of appropriate systems and processes.
- Ensure a regular cadence of reviews is implemented for security policy reviews and updates, reflecting group risk appetite and ensuring compliance with regulation applicable to the business.
- Lead on, develop, manage, and implement Information Security best practice in line with global security standards and regulation.
- As required, provide direct training and oversight to employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information handling in accordance with established global organisational information security policies and procedures.
- Ensure that the group’s Information Security risks are consistently analysed and reported to the Security First Line Risk Manager and Group CISO.
- Lead and develop Third Party Incident Response capability across the business.
- Assist with ensuring that contracts and service agreements with, but not limited to, third party suppliers, cover holders and program administrators meet information security, data security, privacy and breach notification requirements.
- Assist the business in support of the Group CISO to ensure they are meeting Information Security Policy standards.
- Assist IT in monitoring the internal control systems to ensure that appropriate access levels are maintained. Where appropriate, this can involve tool development and procurement to support the controls environment.
- Provide support to compliance, risk, audit and other teams as necessary to support Information Security accountability for the business; likely to include external audits and regulatory meetings.
General:
- As normal in an IT operational environment, projects and problems may demand evening and weekend working. This will be scheduled in advance as far as possible.
- Adopt the Beazley culture of Professionalism, Integrity, Effectiveness and Dynamic attitude that contributes to an internal environment of teamwork and promotes a positive brand image to our external customers.
- Comply with Beazley procedures, policies and regulations relevant to your role. Undertake relevant training on Beazley policies and procedures as delivered by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) either directly, via e-learning or the learning management system.
- Comply with any specific responsibilities necessary for your role as outlined by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas. This may include, amongst others, Beazley’s underwriting control standards, Beazley’s claims control standards, other Beazley standards and customer relationship management.
- Ensure that you uphold the Beazley principle of Treating Customers Fairly.
- Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system. These may include, among others, European Strategy Team, US Management team or membership of any Beazley committees.
Personal Specification:
Education and Qualifications
- Degree level educated - ideally in information systems, or equivalent work experience
- Security Risk Management qualification/experience essential
- Data Protection or equivalent qualification
Skills and Abilities
- Excellent written and oral communication skills.
- The ability to prioritise work and deliver results in a pressurised environment, through tactical and strategic planning.
- Adept at significant internal and external stakeholder management, providing expert advice which demonstrates judgement and an understanding of Information Security standards in a regulated environment.
- Self-motivation, with an ability to work with a high degree of autonomy and to be results-driven with a flexible approach to working.
- The ability to work collaboratively with a broad range of constituencies.
- An understanding of the various data management regulatory requirements that Beazley is subject to, in the UK, the US and around the world.
- An unblemished career history holding positions requiring trustworthiness and personal integrity.
- The ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management.
Knowledge and Experience
- Proven experience in information security, particularly managing multiple projects of work around third party supply chain risk, security training and awareness, access management assurance and security policy development.
- Be aware of data loss protection best practices to support the enhancement and enforcement of these at Beazley in support of the DLP manager.
- A strong background in third party assurance, IAM, Security Training and Awareness and Policy development is essential for success in this role.
- Risk management qualifications/experience to ensure effective management of Information Security controls.
- Experience in a regulated industry is essential
- Financial services experience is highly desirable, but not required.
- Multi-country experience (i.e., beyond UK, and ideally including US) is highly desirable, but not essential.
Aptitude and Disposition
- Outcome focussed, self-motivated, flexible and enthusiastic.
- Professional approach to successfully interact with managers/colleagues/external suppliers.
Competencies
- Technical expertise
- Conceptual thinking and problem solving
- Planning and managing resources effectively
- Delivery orientation, initiative and drive
- Purposeful communication and capacity to influence others
- Team player
- Customer focus