Information Assurance Manager
Information Assurance Manager
Technology will drive business value for Lloyd's of London and its customers by delivering effective and efficient IT services that embrace innovation for competitive advantage, whilst leveraging its global scope to standardise and integrate platforms and secure the highest value from strategic partnership through optimal sourcing.
Lloyd's is the world's specialist insurance and reinsurance market.
With expertise earned over centuries, Lloyd's is the foundation of the insurance industry and the future of it. Led by expert underwriters and brokers who cover more than 200 territories, the Lloyd's market develops the essential, complex and critical insurance needed to underwrite human progress.
Backed by diverse global capital and excellent financial ratings, Lloyd's works with a global network to grow the insured world--building resilience for businesses and local communities and strengthening economic growth around the world.
The role holder will be responsible for implementing, maintaining and further developing strategic components of the Lloyd's IT Strategy and the supporting Cyber Security Strategy.
The overall purpose of the role is to drive robust information assurance management (Level1) practices through the provision of a comprehensive "first line of defense" service to the business.
What Will You Do?
- Overall is accountable for ensuring that all elements of IT strategic, tactical and operational both in-house and outsourced are considered and addressed to ensure and assure the ongoing protection of Lloyd's information assets commensurate with the risk they and Lloyd's face.
- Develops, promotes and regularly maintains information security and assurance policies, standards, guidelines and procedures appropriate to business, technology and legal requirements and in accordance with best professional and industry practice. Ensures effective cross-referencing to other Corporation policies and standards and ensures IT policies and procedures are compliant with regulatory and legal requirements.
- Through pro-active compliance work, uses current good practice assurance management methods, tools and techniques to identify deficiencies and potential exposures of all logical, physical and procedural components of information assets that support business critical processes. Defines and gains ownership and approval to prioritised actions to address the potential exposures to a level approved by the organisation's senior management.
- Prepares, maintains and communicates a strategy and plan for Information Assurance that addresses the evolving business risk and information control requirements, and is aimed at fulfilling the requirements of the Lloyd's Cyber Security Strategy. Ensures effective governance through holding and reporting to regular steering group meetings with cross-organisation representation.
- Working with other stakeholders, incorporate the needs of EU-GDPR into breach notification and incident management procedures.
- Reports to senior management on the major risks and exposures faced by Lloyd's from cyber related threats and incidents and leads/assists in investigating and directing the response to incidents should they occur. Further, ensures that all information security weaknesses and issues are reported to the appropriate entities in accordance with Corporation policies and legal and regulatory requirements.
- Manages the assurance of business related digital services where digital protection of the Corporation, its brand, image and reputation and information assets are a key business driver.
- Operates as a focus for information assurance expertise for the organisation, providing authoritative advice and guidance on the application and operation of all types of security control, including legislative or regulatory requirements and how they apply to IT and business processes.
- Provides advice and guidance and consultative support to IT, business areas and market initiatives. Researches IT assurance related issues and recommends appropriate solutions, while recognising the commercial impact of solutions proposed and ensuring the correct identification, evaluation and subsequent implementation of them.
- Develops and provides Information security and assurance protection training, education and awareness programmes for staff across Lloyd's. Provides presentations and publication material on information assurance management related issues in line with IT and Marketing & Communications requests.
What You'll Need
- Comprehensive understanding of IT assurance, security, continuity and recovery and can demonstrate significant knowledge, skills and experience in developing and managing successful assurance programmes and teams in the financial services sector or another industry sector similarly regulated.
- Thoroughly conversant with all components of IT assurance management and be able to demonstrate current extensive practical knowledge of these gained within a large organisation.
- Proven track record in the delivery of effective IT assurance.
- Full understanding of control principles and practices and is able to apply excellent written, oral, and presentation skills to describe findings, conclusions and recommend solutions.
- Ability to analyse and understand business requirements in a technology context from both in-house and outsourced perspectives.
- Comprehensive knowledge of legislative and regulatory expectations and requirements, notably from but not limited to a UK and EU perspective.
- Experience of working in the Financial Services/regulatory environment
- Compliance monitoring experience, preferably in a financial services environment.
- Experience of technical report writing for senior stakeholders/board members and risk committees.
- Experience in the adoption, implementation and maintenance of ISO27001, CoBIT and NIST based control frameworks.
- Qualifications in an IT Assurance/Information Security discipline (eg MSc, CISSP or CISM) and/or an audit discipline (eg CISA).
As the successful candidate, you can expect to be rewarded with a competitive salary, an enviable range of benefits.
Please apply now.
At Lloyd's we believe that innovation comes from having an inclusive culture of equality and diversity. We use ClearTalents to discover how we might help you feel welcomed, supported and able to do as well as you can when applying to work for us, including identifying any reasonable adjustments that we may need to make.
Please note you will still need to complete you application in order to be considered for this role.