Business Information Security Officer (BISO)

London (The Leadenhall Building)

Applications have closed

Role: Business Information Security Officer

Location: London - Hybrid

Position: Full time, permanent

The Business Information Security Officer (BISO) plays a pivotal role in bridging the gap between business objectives and the cybersecurity and data protection strategy, focusing on excellence in protecting against, detecting, resolving, mitigating, recovering from and learning from potential security exposures. This role will provide execution management to ensure MS Amlin has the appropriate cybersecurity and data protection posture across its ecosystem. The BISO serves as a liaison between business leaders, cybersecurity teams, third parties, partners, market and regulatory stakeholders, promoting a strong security culture and contributing to the cyber security protection, resilience and response capabilities.

About The Job:

Embed Information Security and Data Protection Strategy

  • Serve as a trusted point of contact across MS Amlin, ensuring uniformity in cybersecurity policies and practices.

  • Collaborate with cross-entity security teams to implement cybersecurity policies related to security operations, incident response, application security, and infrastructure.

  • Assess and contribute to the strategy to achieve and maintain appropriate information security practices, controls, resilience, risk identification and responses across MS Amlin’s estate and data landscape.

  • Advise, adopt and embed the information security framework and certification appropriate to our organisation and market, in line with strategic objectives and relevant jurisdictional requirements.

  • Work with internal and external stakeholders to assess the impact of new projects, solutions, partnerships and regulations on the security and data protection posture, and provide support in implementation.

Protect, Detect, Respond, Recover, Improve Management

  • Enable MS Amlin’s horizon scanning for security threats, vulnerabilities, and mitigations, and work with internal and external stakeholders to best protect MS Amlin’s estate and data.

  • Ensure Cyber and Data Protection continual compliance and vulnerability closure for Operational Resilience, Continuity Management and other relevant regulations.

  • Report on MS Amlin’s cyber security and data protection capabilities, recovery and disruption plans, with a focus on continual improvement and increasingly sophisticated testing.

  • Ensure MS Amlin’s disaster recovery and immutable back-up capabilities are adequate, exercised and maintained in line with business requirements.

  • Determine and obtain / maintain relevant Cyber Certifications and Frameworks (NIST, ISO 27001, CIS, CQUEST etc.).

  • Assist in assessing the impact of Cyber Frameworks (NIST, new laws, regulations, and standards) on business operations and implement necessary measures for compliance.

  • Ensure security content training initiatives are conducted regularly and internal/external communication regarding cybersecurity is disseminated effectively.

  • Develop standards and assess the risks of third party relationships to posture and data protection, advising on and monitoring mitigations, and providing oversight in BAU.

Advocacy

  • Motivate MS Amlin to prioritise cybersecurity controls and remove obstacles hindering efficient security measures.

  • Work with the business to incorporate security-by-design principles into projects, architecture, infrastructure, and applications.

  • Work with cross-entity, cross-market and cross-value chain stakeholders to establish and embed information security and data protection standards, resilience, response and recovery capabilities, and continually mature these to maintain posture within tolerances.

  • Represent MS Amlin internally and externally with professionalism and integrity.

Dimensions

  • The BISO reports into the Head of Operational and Cyber Resilience, and then into the Operations Director (SMF24).

  • The job holder will also work closely with the MS Amlin COO, IBS and Resource Owners, MS ABS (our internal Service Company), other senior stakeholders and counterparts across Operations, Line 2, Line 3 and Service Providers to monitor and resolve issues and to align capabilities with resilience monitoring, management and remediation.

  • Preparation of regulatory reporting inputs to FCA, Lloyd’s, the PRA, Auditors and Board members.

  • Draft high quality and reliable MI packs and Board papers, providing insight and in-depth analysis to senior stakeholders.

You’re going to enjoy this job if you also:

  • Flourish in fast paced, dynamic environments where you can shape solutions and influence outcomes

  • Enjoy advocating, creating buy-in and engagement across a range of views and stakeholders

  • Have a strong eye for detail

  • Can convey complex messages and concepts simply, with focus on the core issues and recommendations

What you’ll need:

For this particular role there are some important qualifications and experience we need you to have. These include:

  • Knowledge of national and global cybersecurity policies, regulations, and frameworks.

  • Familiarity with a wide range of cybersecurity solutions and technologies.

  • Experience in response and recovery capabilities.

  • Knowledge of data protection, classification and relevant regulations and laws.

  • Good written and verbal communication skills, with the ability to engage stakeholders at all levels.

  • Understanding of business processes and the ability to integrate cybersecurity seamlessly.

  • Experience in financial services, preferably in the Insurance / Lloyd’s market.

  • Experience in cybersecurity and/or information technology and project management.

  • Knowledge of data protection practices, third party assessment and operational resilience.

  • Knowledge of complex regulatory and contractual requirements and an ability to create effective compliance systems.

  • Proven experience of working with IT security systems and information security governance, i.e., control frameworks, incident management, operations and application of security best practices.

  • Familiarity with vendor security risk and data protection reviews and controls.

  • Certification such as CISSP, CISM, CRISC, or CISA preferred but not essential.

What you can expect from us:

  • Competitive Base Salary

  • Performance Related Discretionary Bonus

  • Holiday: 28 days core annual leave, and you can buy up to 5 days

  • Pension: A minimum 2% employee contribution plus 7% MS Amlin contribution (9%) up to a maximum of 5% employee contribution plus 13% MS Amlin contribution (18%)

  • Private Medical: cover for yourself. Family members/dependants can be added.

  • Flex Fund: £1,000 (pro-rated based on start date) to spend on flexible benefits.

  • Life Assurance: 10 x annualised base salary

  • Enhanced Parental Leave (maternity and paternity): 6 months full pay, entitled from day 1.

  • Continuous Learning Approach: Including study support with professional qualifications.

  • Employer Supported Volunteering: 3 days volunteering leave.

  • Annual health screening

  • Give as you earn

  • Cycle to work

  • Season ticket loan

  • Green car scheme

  • Retail discount platform

About MS Amlin:

MS Amlin is part of a global top-10 insurance group, MS&AD. We’re made up of four distinct businesses covering global reinsurance, Lloyd's franchise, local specialty insurer, and business services.

Tags: Application security BISO CISA CISM CISSP Compliance CRISC Governance Incident response ISO 27001 Monitoring NIST Strategy Vulnerabilities

Perks/benefits: Career development Competitive pay Flex hours Health care Medical leave Parental leave Salary bonus Startup environment

Region: Europe
Country: United Kingdom