Lloyd’s is the world’s leading insurance and reinsurance marketplace. We share the collective intelligence and risk sharing expertise of the market’s brightest minds, working together for a braver world.
Our role is to inspire courage, so tomorrow’s progress isn’t limited by today’s risks.
Our shared values: we are brave; we are stronger together; we do the right thing; guide what we do and how we act. If you share our values and our passion to build a future that’s more sustainable, resilient and inclusive, you’ll find a home at Lloyd’s – build a braver future with us.
Lloyd’s are seeking to recruit a Head of Information Security Services. You will safeguard our digital assets, manage security teams and partners, and ensure compliance with regulatory requirements. As a candidate you should be a highly skilled and experienced Head of Information Security Services and will support the CISO in leading our cybersecurity strategy and operations. This position requires a strategic thinker with operational excellence and leadership, technical, and communication skills.
Principal Accountabilities
1. Assists the CISO in developing and implementing the organisation’s cybersecurity strategy
2. Prioritise and align security initiatives with business goals and regulatory requirements
3. Oversees day-to-day security operations, including incident response, threat detection, and vulnerability management. Delivers continuous improvement across the key performance indicators of all security domains
4. Manage the relationship with and performance of our security partners (Accenture, ReliaQuest, Mandiant)
5. Act as the lead for strategic transformational security projects (e.g. Identity and access management transformation)
6. Coordinates with IT, legal, compliance, and risk teams to ensure security policies are enforced
7. Regulatory Compliance for IT and Cyber Security: Meeting regulatory requirements, responding to audits, and ensuring audit actions are completed
8. Third-Party Security: Develop and maintain a third-party security assurance framework including completing security checks and risk assessments for third parties
9. Information Security Management System (ISMS): Manage and improve the Corporation’s ISMS, maintain ISO27001 certification and prioritise security measures for development and fixing issues
10. Manages security teams and specific functions: Security Operations Centre (SOC), Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM) and Data Protection
11. Influences Lloyd’s leadership team to adopt security measures, while also enabling business outcomes
12. Represents Lloyd’s in Industry and market collaboration groups, leading improvement initiatives
13. Mentors and develops cybersecurity staff, ensuring a talent pipeline for long term succession
14. Identifies, assesses, and mitigates cybersecurity risks, working closely with the Risk function
15. Supports audits, compliance checks, and risk assessments and ensures appropriate closure of actions
16. Acts as a liaison between technical teams and executive leadership
17. Prepares reports and presentations on security metrics, incidents, and risk posture – the reports are crisp, concise and compelling resulting in action to improve Lloyd’s security posture
Skills, Knowledge and Experience
18. Proven track record in information security leadership at a senior level, for a large organisation
19. Developing and implementing risk/threat based strategic plans
20. Operating security services and improving them over time
21. Engaging with regulators and responding to regulatory audits
22. Third party security assurance activity
23. Performing risk and compliance reviews on systems/processes
24. Deep practical knowledge of the people, process, and technology components of Information Security.
25. Broad understanding of information technology with depth in at least one domain.
26. How different cyber risks can materialise across the layers of defence.
27. Passionate about staying abreast of the threat landscape, exploits, attacker tools, techniques and procedures, and latest security technologies.
28. Industry frameworks such as NIST Cyber Security Framework, Centre for Internet Security (CIS) Critical Security Controls (CSC), ISO 27001, MITRE ATT&CK, Cyber Kill Chain, etc.
29. Technical knowledge of cyber security preventative controls and good practice standards
30. Handling multiple projects at once, making the best use of limited resources, and providing clear reports on progress, benefits, and risks
31. Building and managing high-performing teams and supporting growth. Motivating people and fostering a culture of openness and responsibility
32. Identifying stakeholders and influencing them to improve security. Collaboration with experts: working well with technical experts and technology leaders