Lloyd’s is the world’s leading insurance and reinsurance marketplace. We share the collective intelligence and risk sharing expertise of the market’s brightest minds, working together for a braver world.
Our role is to inspire courage, so tomorrow’s progress isn’t limited by today’s risks.
Our shared values (we are brave; we are stronger together; we do the right thing) guide what we do and how we act. If you share our values and our passion to build a future that’s more sustainable, resilient and inclusive, you’ll find a home at Lloyd’s – build a braver future with us.
Lloyd’s are seeking to recruit a Cyber GRC Manager. You will develop and maintain an agile security governance and controls assurance framework to protect Lloyd’s technology and to identify, prioritise and report on security risks and issues quickly and efficiently. This role reports directly to the Head Security Services (Deputy CISO).
Principal Responsibilities and Accountabilities
Identify and prioritise cyber security risks faced by Lloyd’s, for example from threat assessments, red / blue team exercises, audits, etc. as the Risk Representative, working closely with the CISO and Cyber leadership.
Manage Lloyd’s cyber security risks through the Enterprise Risk Framework processes including the 6-monthly Risk and Controls Self-Assessment process.
Establish rigorous tracking and workflow for security remediation actions.
Maintain a practical and action-focused security governance framework.
Co-ordinate and manage the Lloyd’s cyber security governance forums.
Create and maintain real time, automated dashboard reporting to present first line’s view of Lloyd’s exposure to cyber risk and future risk reduction journeys.
Create and implement a third-party security assurance framework.
Maintain a repository of controls evidence, aligned to a unified security controls framework, to make global regulatory reviews, audits and customer assurance requests efficient.
Co-ordinate cyber-focussed global regulatory reviews and engagement with regulators.
Co-ordinate Lloyd’s cyber insurance questionnaires and reviews.
Maintain Lloyd’s security related policies, standards and procedures and manage the processes to assess and assure compliance.
Develop and maintain the unified security controls framework, aligned to industry good practice.
Co-ordinate and maintain Lloyd’s Information Security Management system and ISO27001 certification.
Skills, Knowledge and Experience
Deep knowledge of security controls and how these can be applied and verified in an organisation, including industry best practice.
Deep knowledge of security risks and how they can manifest in an organisation.
Deep knowledge of the techniques and approaches available to remediate security risks.
Strong practical knowledge of people, process and technology practices in Information Security.
Robust understanding of how different cyber risks can materialise across the layers of defence.
Knowledge of information security governance principles and compliance expectations.
Knowledge of good security practice and IT standards and frameworks including ISO27000 series, NIST Cyber Security Framework and COBIT.
Knowledge of data protection legislation.
Knowledge of financial services, governance processes and regulatory requirements.
Experience in managing a security controls framework.
Experience in verifying or assuring that controls are effectively protecting assets, critical or otherwise.
Have implemented and/or maintained ISO27001 or similar.
Extensive experience in identifying and assessing security risks, preferably in a regulated industry.
Extensive experience in collating and prioritising diverse information regarding security risks into insightful reporting and clear remediation plans.
Experience embedding security governance policies and procedures and communicating these to others.
Experience in implementing third party security assurance processes and frameworks.
Continuously improving security processes with a focus on managing risk.
Being a team player, collaborating effectively with colleagues.
Identifying stakeholders and creating effective communication plans.
Motivating people and fostering a culture of openness and responsibility.
Undergraduate degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) is desirable but not essential.
Professional certifications in the security domain are preferred but not essential. For the successful candidate we will support achieving relevant certifications after recruitment.
Diversity and inclusion are a focus for us – Lloyd’s aim is to build a diverse, inclusive environment that reflects the global markets we work in. One where everyone is treated with dignity and respect to achieve their full potential. In practice, this means we are positive and inclusive about making workplace adjustments, we offer regular health and wellbeing programmes, diversity and inclusion training, employee networks, mentoring and volunteering opportunities as well as investment into your professional development. You can read more about diversity and inclusion on our website.
We understand that our work/life balance is important to us all and that a hybrid of working from the office and home can offer a great level of flexibility. Flexible working forms part of a total reward approach which offers a host of other benefits over and above the standard offering (generous pension, healthcare, wellbeing etc). These include financial support for training, education & development, a benefit allowance (to spend on our flexible benefits such as gym membership, dental insurance, extra holiday or to partake in our cycle to work scheme), employee recognition scheme and various employee discount schemes.
By choosing Lloyd's, you'll be part of a team that brings together the best minds in the industry, and together with our underwriters and brokers, we create innovative, responsive solutions allowing us to share risk and solve complex problems.
Should you require any additional support with your application, or any adjustments, please click the following link;
Please note, clicking on this link does not register your application for the vacancy
R4515