This Job Vacancy has Expired!

Head of Cyber Risk & Assurance

Barclay Simpson Recruitment

Posted on Mar 30, 2022 by Barclay Simpson Recruitment

London, United Kingdom
Immediate Start
Daily Salary

Regional Head of Cyber Risk & Assurance required for a global insurance firm. The purpose of the role is to lead the Cyber Risk & Assurance tower of the Regional Information Security team, ensuring all risk & assurance activities are operating effectively and contributing towards understanding, providing assurance on and improving the firm's EMEA cyber risk posture. This includes management of the regional Third-Party Cyber Risk Management programme. You have responsibility for ensuring an appropriate cyber governance model is in place and operating effectively in its oversight of cyber risk management.

This is a leadership position that requires the management of a team of direct reports as well as establishing relations with the regional ERM team, risk owners, control owners and other business & IT leaders across the organisation.

Key Responsibilities

  • Responsible for implementation of the Cyber Risk Management Framework in the region. Work with the Global Head of Risk & Assurance to build and enhance the framework where required.
  • Establishment and operationalisation of a Cyber Risk governance model in the region ensuring effective management oversight of Information Security risks and control activities.
  • Drive the Risk & Control Self-Assessment (RCSA) process in the region ensuring risks and controls are regularly assessed by the respective owners.
  • Have continued dialogue with control owners to ensure that control remediation plans are in place where required and completed by agreed target dates.
  • Coordinate any required controls assurance activity per direction from the Global Head of Risk & Assurance.
  • Management of the Third-Party Cyber Risk Management (TPCRM) programme in the region ensuring alignment of processes and artefacts to direction from the Global Head of Risk & Assurance.
  • Perform oversight of regional Information Security issues ensuring issues are rated correctly, remediation plans are appropriate to address the issue, remediation plans are completed per agreed target dates, etc.
  • Produce risk-based reporting for the Regional Information Security team to address regional requirements as well as global requirements per direction from the Global Head of Risk & Assurance.
  • Manage regulator/customer enquiries about the firm's Cyber Risk posture by responding to incoming questionnaires/requests. Collaborate with Risk, Compliance and/or any other team required to be engaged in fulfilling the requests.
  • Manage and coordinate the regional policy exception process.
  • Contribute to annual reviews of Information Security policies, standards, procedures and/or guidelines.
  • Work in collaboration with the Global Cyber Security Awareness team and Country Information Security Managers to deliver Cyber Risk training for staff across the region.
  • Maintain regular dialogue with the regional ERM team addressing any challenge/oversight questions and/or requests for reporting.
  • Management of direct reports including performance appraisals.


  • Ten+ years of experience in Cyber Security or technology risk management areas.
  • Experience of leading an effective Cyber Risk Management programme.
  • Experience of working with key Operational Risk processes such as RCSAs, loss event management, KRI & KCI production, risk reporting, controls assurance, etc. in a first or second line of defence capacity.
  • Knowledge of information security standards and frameworks (eg, ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (eg, SOC 1/2).
  • Understanding of basic cyber security and IT concepts, such as networks, vulnerabilities, types of cyber-attacks, etc.
  • Strong stakeholder management skills with technical members of staff and senior executives, including stakeholder negotiation and influencing.
  • Strong knowledge and understanding of key Information Security controls/processes.
  • Ability to understand and analyse complex business processes and technologies to make sound recommendations to non-technical constituents.
  • Experience interpreting and applying information security standards and frameworks (eg, ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (eg, SOC 1/2).
  • Use and knowledge of Governance, Risk and Compliance platforms.
  • Experience working in transformation or continual improvement programmes.
  • Experience within the financial services industry preferred.
  • Proficient use of personal computers and Microsoft Office Suite.
  • Ability to multitask and manage competing priorities.
  • Excellent time management and organisational skills.
  • Excellent interpersonal and conflict management skills.
  • Excellent written and verbal communication skills.

As an ideal candidate, you will have an industry certification such as CISSP/CISM/CRISC. You will have expert knowledge of Information Security & Risk Management. You will also have a proven track record of delivery in a similar role. This role can also be offered on a temp-to-perm basis if preferred.

Reference: 1546556389