Role: Business Information Security Officer
Location: London - Hybrid
Position: Full time, permanent
The Business Information Security Officer (BISO) plays a pivotal role in bridging the gap between business objectives, cybersecurity and data protection strategy, focusing on excellence in protecting, detecting, resolving, mitigating, recovering and learning from potential security exposures. This role will provide execution management to ensure MS Amlin has the appropriate cybersecurity and data protection posture across its ecosystem. The BISO serves as a liaison between business leaders, cybersecurity teams, third parties, partners, market and regulatory stakeholders, promoting a strong security culture and contributing to the cybersecurity protection, resilience and response capabilities.
About The Job:
Embed Information Security and Data Protection Strategy
Serve as a trusted point of contact across MS Amlin, ensuring uniformity in cybersecurity policies and practices.
Collaborate with cross-entity security teams to implement cybersecurity policies related to security operations, incident response, application security, and infrastructure.
Assess and contribute to the strategy to achieve and maintain appropriate information security practices, controls, resilience, risk identification and responses across MS Amlin’s estate and data landscape
Advise, adopt and embed the information security framework and certification appropriate to our organisation and market, in line with strategic objectives and relevant jurisdictional requirements.
Work with internal and external stakeholders to assess impact of new projects, solutions, partnerships and regulations to security and data protection posture and provide support in implementation.
Protect, Detect, Respond, Recover, Improve Management
Enable MS Amlin’s horizon scanning for security threats, vulnerabilities, and mitigations, and work with internal and external stakeholders to best protect MS Amlin’s estate and data
Ensure Cyber and Data Protection continual compliance and vulnerability closure for Operational Resilience, Continuity Management and other relevant regulations.
Report on MS Amlin’s cyber security and data protection capabilities, recovery and disruption plans, with a focus on continual improvement and increasingly sophisticated testing
Ensure MS Amlin’s disaster recovery, immutable back-up are adequate, exercised and maintained in line with business requirements.
Determine and obtain / maintain relevant Cyber Certification and Frameworks (NIST, ISO 27001, CIS, CQUEST etc.)
Assist in assessing the impact of Cyber Frameworks (NIST, new laws, regulations, and standards) on business operations and implement necessary measures for compliance.
Ensure security content training initiatives are conducted regularly and internal/external communication regarding cybersecurity is disseminated effectively.
Develop standards and assess risks of third party relationships on posture and data protection, advising and monitoring mitigations, providing oversight in BAU
Advocacy
Motivate MS Amlin to prioritise cybersecurity controls and remove obstacles hindering efficient security measures.
Work with the business to incorporate security-by-design principles into projects, architecture, infrastructure, and applications.
Work with cross-entity, cross-market and cross-value chain stakeholders to establish and embed information security and data protection standards, resilience, response and recovery capabilities and continually mature to maintain posture within tolerances
Represent MS Amlin internally and externally with professionalism and integrity
Dimensions
The BISO reports into the Head of Operational and Cyber Resilience and then into the Operations Director (SMF24).
The job holder will also work closely with the MS Amlin COO, IBS and Resource Owners, MS ABS (our internal Service Company), other senior stakeholders and with counterparts across Operations, Line 2, Line 3 and Service Providers to monitor and resolve issues and align capabilities with resilience monitoring, management, remediation.
Preparation of regulatory reporting inputs to FCA, Lloyd’s, the PRA, Auditors and Board members.
Draft high quality and reliable MI packs and Board papers, providing insight and in-depth analysis to senior stakeholders
You’re going to enjoy this job if you also:
Flourish in fast paced, dynamic environments where you can shape solutions and influence outcomes
Enjoy advocating, creating buy-in and engagement across a range of views and stakeholders
Have a strong eye for detail
Can convey complex messages and concepts simply, with focus on the core issues and recommendations
What you’ll need:
For this particular role there are some important qualifications and experience we need you to have. These include:
Knowledge of national and global cybersecurity policies, regulations, and frameworks.
Familiarity with a wide range of cybersecurity solutions and technologies.
Experience in response and recovery capabilities.
Knowledge of data protection, classification and relevant regulations and laws.
Good written and verbal communication skills, with the ability to engage stakeholders at all levels.
Understanding of business processes and the ability to integrate cybersecurity seamlessly.
Experience in financial services and preferably Insurance/ Lloyd’s market
Experience in cybersecurity and/or information technology and project management
Knowledge of data protection practices, third party assessment and operational resilience
Knowledge of complex regulatory and contractual requirements and an ability to create effective compliance systems
Proven experience of working with IT security systems and information security governance, i.e., control frameworks, incident management, operations and application of security best practices.
Familiarity with vendor security risk and data protection reviews and controls
Certification such as CISSP, CISM, CRISC, or CISA preferred but not essential
What you can expect from us:
Competitive Base Salary
Performance Related Discretionary Bonus
Holiday: 28 days core annual leave, and you can buy up to 5 days
Pension: A minimum 2% employee contribution plus 7% MS Amlin contribution (9%) up to a maximum of 5% employee contribution plus 13% MS Amlin contribution (18%)
Private Medical: cover for yourself. Family members/dependants can be added.
Flex Fund: £1,000 (pro-rated based on start date) to spend on flexible benefits.
Life Assurance: 10 x annualised base salary
Enhanced Parental Leave (maternity and paternity): 6 months full pay, entitled from day 1.
Continuous Learning Approach: Including study support with professional qualifications.
Employer Supported Volunteering: 3 days volunteering leave.
Annual health screening
Give as you earn
Cycle to work
Season ticket loan
Green car scheme
Retail discount platform
About MS Amlin:
MS Amlin is part of a global top-10 insurance group, MS&AD. We’re made up of four distinct businesses covering global reinsurance, Lloyd's franchise, local specialty insurer, and business services.