Head of Cyber Governance, Risk, and Compliance (GRC)
London (51 Lime Street), United Kingdom
MS Amlin
MS Amlin is a group of leading insurance and reinsurance companies, and we are part of global top-10 non-life insurance group MS&AD.
Location: London
Contract Type: Permanent
Work Pattern: Full Time and Hybrid (2 days in London)
About The Role
We are seeking an experienced and visionary Head of Cyber GRC to establish and lead a comprehensive Line 1 Governance, Risk, and Compliance (GRC) capability for the security function. Reporting directly to the Chief Information Security Officer (CISO), this role will be responsible for designing, implementing, and managing a GRC framework that supports the MS ABS cybersecurity strategy, ensures compliance with regulations, and drives a culture of security awareness. The role will also encompass third-party risk management and fostering a strong security culture across MS ABS.
MS Amlin is part of a global top-10 insurance group, MS&AD. We’re made up of four distinct businesses covering Global Reinsurance, Lloyds Franchise, Local Specialty Insurer, and Business Services.
MS Amlin Business Services (MS ABS) supports the organisation through legal, HR, facilities management, IT, risk management, compliance, and finance. Our vision is to be a trusted partner and solution provider of choice.
What You’ll Spend Your Time Doing
Build and Lead the Cyber GRC Capability
Implement and maintain an ICT risk management framework
Own and manage the TPRM security due diligence
Ensure the security program is aligned with Regulatory and Compliance frameworks such as NIST, ISO27001
Drive Security Culture and Awareness
Lead on stakeholder management with IT, Legal, Procurement and other business units, ensuring their security needs are managed and regularly reported
You’re Going To Enjoy This Job If You…
Have a passion for developing and leading comprehensive GRC frameworks
Enjoy collaborating with various departments and stakeholders to ensure cohesive cybersecurity governance
Thrive in dynamic environments and are committed to continuous improvement and innovation
Are proactive in identifying, assessing and mitigating cybersecurity risk, including third-party risks
Have a strong commitment to fostering a culture of security and compliance
Are skilled in managing compliance with regulatory requirements and industry standards
What We Need From You
Experience:
7+ years of experience in cybersecurity GRC roles, with at least 3 years in a leadership or program management capacity.
Proven experience in building and managing GRC frameworks, including risk and compliance programs.
Strong background in third-party risk management and security culture initiatives.
Technical Knowledge:
In-depth understanding of cybersecurity standards, frameworks, and regulations (e.g., ISO 27001, NIST CSF, GDPR, PCI DSS).
Familiarity with third-party risk management tools and methodologies.
Understanding of risk assessment, control frameworks, and audit processes.
Skills:
Strong leadership and team-building skills, with a focus on collaboration and professional development.
Excellent written and verbal communication skills, with the ability to engage with technical and non-technical audiences.
Strategic thinking and problem-solving abilities with attention to detail.
We are stronger together because of our common interests and rich differences. You may be the strength we didn’t know we needed. Believe in yourself, and click apply today!
What Can You Expect From Us?
Competitive Base Salary
Performance Related Discretionary Bonus
Holiday: 28 days core annual leave, and you can buy up to 5 days
Pension: A minimum 2% employee contribution plus 7% MS Amlin contribution (9%) up to a maximum of 5% employee contribution plus 13% MS Amlin contribution (18%)
Private Medical: cover for yourself. Family members/dependants can be added
Flex Fund: £1,000 (pro-rated based on start date) to spend on flexible benefits
Life Assurance: 5x annualised base salary
Each one of us is unique because of our backgrounds, what we have learned so far and how we express that. Establishing an inclusive attitude helps us, organisationally, to ‘think outside the box’ because it calls on that diverse range of ideas, perspectives and lived experiences.
We commit to continuing our work towards a more diverse and inclusive future by recognising that our business, our teams and every colleague has a part to play in driving the positive change we all want to see.
Our values demonstrate our commitment to providing an environment in which each and every colleague is respected for who they are and what they can contribute to the business, regardless of nationality, race, ethnicity, religion/faith, sexual orientation, gender identity, gender expression, disability, socio-economic background, sex or age.