Business Information Security Officer, UK & EMEA
  • England, London
  • full-time
  • Competitive salary
Job Description:
Introduction


Indulge your passion for problem-solving and embrace the thrill of addressing risk head-on at Gallagher’s global brokerage team. Join a family of diverse minds, united by a relentless pursuit of excellence. As part of our team, you’ll be the architect of protection, safeguarding businesses and empowering their ambitions. Together, we’ll build a legacy of trust and triumph in the dynamic world of risk management.
We believe that every candidate brings something special to the table, including you! So, even if you feel that you’re close but not an exact match, we encourage you to apply.

Overview

The Business Information Security Officer (BISO) functions as the cyber and information security leader for Gallagher UK & EMEA. The BISO reports up to the Global Chief Information Security Officer (CISO) with a strong dotted line reporting relationship to the UK & EMEA Chief Information Officer (CIO) to help support the achievement of both enterprise-level and divisional information security strategies, objectives, and obligations.
The BISO works in close collaboration with Corporate and divisional leaders across all business, legal, central services and technology teams to identify, assess, prioritise and manage information security risk within the division.
Key areas of responsibility include information security risk management, system security, data protection, compliance, training, audits, managing mergers and acquisition risk, and executive-level reporting and communications.
This role includes performing a significant management certification function and, as a minimum, your fitness and propriety to perform the role will be assessed annually. Gallagher will issue your certificate prior to performing the role and at least annually thereafter.

How you’ll make an impact

* Establish excellent working relationships and maintain ongoing communication / transparency with divisional leaders and members of the Global Cyber and Information Security team, and other key stakeholders.
* Provide guidance to the UK & EMEA CIO and the Global CISO on existing divisional security gaps, associated risks, and prioritisation of remediation activities.
* Coordinate with the Global Cyber and Information Security team and divisional IT Compliance Leads to ensure a consistent approach is followed during execution of information security processes and procedures.
* Raise awareness among technology and business application owners about relevant application security processes and provide oversight and assurance that the division’s application inventory is accurately captured and inventoried.
* Work with the Incident Response Team to assist in coordinating the overall response and recovery activities for security incidents.
* Define, prepare, and distribute divisional cybersecurity metrics to the Global CISO, Divisional CIO, and executive teams around key divisional IT security and performance indicators.
* Ensure alignment with and promote the Global IT Policies and Standards Manual (GITPSM), including key controls, between the division, enterprise cyber security team, and technology leads.
* Ensure all applicable regulatory, legal, compliance and contractual obligations are properly interpreted and continuously met by the security program. Stay abreast of external requirements, trends, and best practices. 
* Increase security maturity and reduce risk across designated divisions by identifying and driving implementation of leading cyber security standards, practices and controls (ISO/IEC 27001, SOC 1, SOC 2, HITRUST, etc.).
* Counsel divisional IT management on security requirements for acquisitions and mergers and the vetting and procurement of new applications and technology platforms.
* Coordinate with the Global Cyber and Information Security team, divisional IT Compliance Leads, and other divisional BISOs in the creation of a Cyber Security Governance Framework.
* Take responsibility for Compliance Operations, including audit preparation and liaison with internal and external auditors

About You

* Previous experience in an Information Security Leadership role gained preferably in the Insurance or Financial Services industry.
* Previously held a Certified role or demonstrates a good understanding of the requirements.
* Excellent understanding of information security risk management methodologies and regulatory requirements pertaining to information security, and/or data security.
* Experience with security and control standards, frameworks, and best practices (e.g. ISO 27001, NIST, COBIT, COSO)
* Ability to interpret and apply policies and regulations across a large, complex business.
* Demonstrated leadership of multiple projects or a portfolio of projects with cross-functional stakeholder groups
* Significant people development and management experience is essential
* Ability to build rapport, establish credibility and to engage and influence stakeholders at all levels, internally and externally.
* Results-oriented mind-set with a drive for growth
* Experience of working in a global, matrix-managed organisation, with the utmost integrity and confidentiality
* Eligible to work in the UK.
* Ability to travel as required

Compensation and benefits


On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits.
Below are the minimum core benefits you’ll get; depending on your job level, these benefits may improve:
* Minimum of 25 days holiday, plus bank holidays, and the option to ’buy’ extra days
* Defined contribution pension scheme, which Gallagher will also contribute to
* Life insurance, which will pay 4x your basic annual salary, which you can top-up to 10x
* Income protection: we’ll cover up to 50% of your annual income, with options to top up
* Health cash plan or Private medical insurance
Other benefits include:
Three fully paid volunteering days pe
Job number 1524807
Company Details:
Appcast Enterprise