We are working with a leading global insurance firm looking for a Head of Information Security to lead the information security strategy and operations.
The Head of Information Security will be responsible for developing and implementing the company’s information security strategy. This will involve identifying and assessing security risks, developing and implementing security controls, and monitoring the effectiveness of the security program.
This is a newly created position that will play a critical role in protecting the company’s information assets and ensuring its compliance with industry regulations.
Key responsibilities:
- Lead multiple functions, including Security Operations, Security Engineering, Application Security and Consultancy practice.
- Performance, capacity and line management of direct reports.
- Lead and build out the security engineering practice by establishing best practices and standards for implementation and operational management of security controls with a focus on repeatability and automation.
- Lead the security operations team in all security operations activities and initiatives, including process management, control testing and continuous improvement activities.
- Take ownership of the effective operation of information security controls within the control framework.
- Assist in providing risk guidance for IT projects, including the evaluation and recommendation of technical controls.
- Identify control gaps/weaknesses within existing business and new business and take ownership of remediation activities.
- Conduct due diligence on potential partners and new solutions and provide audit responses to internal and external clients.
- Facilitate the information security risk management process, including the reporting and oversight of treatment efforts to address negative findings.
- Identify cyber risks within the existing business and new businesses and provide clear, organised findings and recommendations. You will take ownership of the monitoring and tracking of remediation activities and mitigation plans.
- Lead in publishing up-to-date information security policies, standards, and guidelines. Oversee the approval, training, and review of security policies and practices.
- Produce high-quality presentations, reports, and metrics for technical and non-technical audiences.
- Provide regular reporting on the status of the information security program, budgets and status reports on all assigned projects and activities to the CISO.
- Maintain awareness of developments in the information security industry by monitoring the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
Person specification:
- Excellent ability to communicate security and risk-related concepts to technical and non-technical audiences.
- Exhibit the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.
- Project management skills: financial / budget management, scheduling, and resource management.
- Proven experience in successfully managing security team services, ensuring the delivery of high-quality work on time and within budget.
- A high degree of initiative, dependability, and ability to work with little supervision.
- Knowledge and understanding of relevant US legal and regulatory requirements.
If you are a highly motivated and experienced information security professional with a passion for protecting information, we encourage you to apply for this exciting opportunity.