Arthur are delighted to be partnered with a leading insurance broker in London who are looking for a Cyber Security Director join the business on a permanent basis.
Summary: We are seeking a Director, Cyber Security to lead the ongoing development and delivery of a comprehensive regional and business-focused strategy for information security. Reporting to the Group Head of IT Risk & Security, you will be responsible for aligning our security measures with business objectives, ensuring compliance with regulatory requirements, and managing the overall cyber posture of our organisation. This role involves collaboration with vendors, outsourced partners, and internal stakeholders to implement effective security practices and technologies. Key Responsibilities: Strategy:
Develop and deliver business-aligned information security strategic objectives.
Establish and refresh annually a comprehensive information security framework and program.
Create and report on information security success targets.
Maintain a yearly information security roadmap aligned with business risk appetite.
Present roadmap status updates to the board and executives on a monthly basis.
Risk Management:
Conduct periodic business and information security risk assessments.
Manage third-party information security risk framework and program.
Facilitate responses to internal and external security audits and assessments.
Perform risk assurance reviews and assist in cyber insurance policy assessments.
Governance:
Provide guidance to board, executives, and business units on information security and risk.
Develop executive-level security updates and reports for governance purposes.
Contribute to the development of information security policies, standards, and controls.
Collaborate with privacy office to meet privacy legislation requirements.
Establish and facilitate periodic information security meetings across all business units.
Operations:
Deliver Group-wide information security training and awareness programs.
Maintain an Information Security asset register.
Develop and test incident response plans and manage incidents effectively.
Coordinate penetration tests, disaster recovery, and business continuity planning.
Ensure vulnerability and patch management services meet service levels.
Oversee the effectiveness of MDR, SIEM, and SOAR services.
Assist in security risk assessments for applications, infrastructure, and network architecture.
Understanding the Business:
Develop a deep understanding of AUB Group and local businesses.
Keep abreast of industry, regulatory, and contractual obligations.
Regulatory Requirements:
Ensure compliance with company policies and regulatory requirements, including those set by the Financial Conduct Authority.
Education / Training / Qualifications:
Degree in information security, computer science, or related field (desirable).
Professional certifications such as CISM, CISP, CISA, CRISC, GSLC, Security+ (desirable).
Knowledge / Skills / Abilities:
Experience leading an information security function.
Strong knowledge of information security frameworks (ISO/IEC 27001, NIST CSF, CIS18).
Understanding of security functional areas and principles.
Competent understanding of technology, networking, cloud, and SDLC.
Experience consulting and presenting to executive-level stakeholders.
Excellent leadership, negotiation, problem-solving, and interpersonal skills.
Excellent written and verbal communication skills.
Base understanding of Insurance (desirable).
Competent understanding of relevant legislation and regulation (desirable).
For further information, please apply for immediate review!
