Defining and implementing a Cybersecurity Strategic Plan at Lockton entities in-scope, aligned with the Global Cybersecurity Strategic Plan, business objectives, local and regional regulatory and compliance requirements
Determining methods to implement, enforce and advise the Lockton entities in-scope on cybersecurity related issues. This includes educating business and functional leaders on security awareness, operationalization of policies, standards and baselines
Mitigating Lockton’s risk exposure at entities in-scope, ensuring that appropriate risk treatment plans are developed to comply with defined risk appetite. This includes risk identification, risk acceptance, solution development and risk mitigation implementation support
Leading Lockton’s cybersecurity transformation journey to put in place at entities in-scope, an organization based on key disciplines: Information Security, Cyber Incident Response, Operational Resilience, Data Protection. This includes collaborating on key security tasks, such as incident management, access control, threat modeling, vulnerability management, third party assessments, etc.
Ensuring well-informed security decisions are taken, escalating risk, when required to the executive management
Ensuring the provisioning of adequate resources (financial, human, technological, etc.) to implement the Lockton Global Cybersecurity Strategic Plan
Securing and monitoring the necessary budget and investments to deliver the mission
Supporting information security awareness and training initiatives to educate the workforce about information risks and mitigation
Ensuring that sound and consistent information security architectures that have been defined and documented are leveraged and effectively communicated to local business lines and technology support groups
Ensuring effective governance is in place within the local operation and business environments supporting the global CISO directives and policies
Leading the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies and applicable laws and regulations
Leading or commissioning information security risk assessments and controls selection activities
Providing the information security interface to the business continuity plan/program for the company's data, information, and assets
Acting as liaison with auditors and regulators regarding their role in information security policies and procedures, and being responsible for the closure of audit issues relating to information security locally
Liaising with and offering strategic direction to related governance functions (such as physical security/facilities, risk management, technology, HR, legal and compliance) and senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
Participating in appropriate committees/task forces
Providing second- and third-line information and cybersecurity support, triaging incidents in accordance with the incident response plan
Providing cybersecurity support and guidance on privacy, regulatory and compliance events
Qualifications
Minimum 10 years of information security experience with at least 2 years as senior security leader responsible for overall security function
Team Management & Leadership
Ability to engage with Business Leaders of his/her perimeter as well as with CIO/COO/CISO hierarchy
Organized, self-sufficient with ability to manage teams globally and drive change
Ability to prioritize and execute tasks in a high-pressure environment
Excellent written, oral, and interpersonal communication skills (English)
Demonstrated experience in understanding security risks, identifying gaps, creating risk-mitigation and remediation plans, and drawing up an IT security roadmap
Demonstrated understanding of the technical aspects of information technology and core security components such as network, firewall, proxy, VPN, anti-malware, email protection and filtering, system security controls, vulnerability assessment, and penetration testing
In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Good grasp of PCI-DSS, ISO 27001, NIST, UK Cyber Essentials, GDPR, POPIA, and other security norms, regulations, standards & frameworks
One or more of the following or similar certifications is a plus: CISM, CISSP, CCISO, CRISC
Analysis and synthesis skills
Personal Attributes
Executive presence, and the ability to foster relationship management, negotiate and influence
Effective communications skills, including both written and verbal communication skills, and the ability to translate security principles into business terms
Foundational technical expertise, including both business acumen and strategic thinking, as well as the ability to identify issues and provide innovative problem solving
Passionate about driving and sustaining change through committed leadership
Creative and results-oriented, good at balancing multiple priorities and issues
Team player up and down the organizational structure, across countries and IT/Security departments
Ability to form open, effective, and trusting relationships with country CxO members
Provides a high level of professional service to customers (both internal and external) consistent with Lockton standards and procedures
Good skills in the Microsoft Office Suite, especially PowerPoint