Job Description
We are currently working with an Insurance organisation whose Regional Information Security teams are currently undergoing major reshaping and evolution to address emerging threats in our cyber security area. This includes establishing dedicated Security Risk and Assurance function, allowing RISO in coordination with global Security Risk & Assurance tower to perform ongoing assessments. The position reports to the Regional Information Security Officer, the main purpose of the role is to lead the Cyber Risk & Assurance tower.
Responsibilities:

• Responsible for implementation of the Cyber Risk Management Framework in the region and to build and enhance the framework where required.
• Drive the Risk & Control Self-Assessment (RCSA) process and have continued dialogue with control owners
• Produce risk-based reporting for the Regional team to address regional requirements as well as global requirements.
• Manage and coordinate the regional policy exception process and contribute to annual reviews of Information Security policies, standards, procedures and/ or guidelines.
• Management of direct reports including performance appraisals

Requirements:

• Experience working in transformation or continual improvement programmes.
• Understanding of basic cyber security and IT concepts, such as networks, vulnerabilities, types of cyber-attacks etc.
• Experience interpreting and applying information security standards and frameworks or attestation reports