visionet systems inc.

Information Security Compliance Manager

  • Posted 3 hours ago

Job Description

Key Responsibilities

Compliance

  • Create and maintain an up-to-date Compliance Framework that maps the Information Security Controls Framework to internal and external requirements (DORA, NYDFS, SOC, PRA, etc.), control assurance activities and supporting evidence.
  • Create, implement and maintain a supporting First Line controls assurance programme that aligns with Second Line
  • Conduct periodic assurance activities in line with the assurance programme to validate controls are in place and effective
  • Conduct gap analysis to establish compliance gaps, including new regulations and cyber certification requirements
  • Work with Cyber Maturity Programme to establish, document and track control implementation through to BAU.
  • Maintain a central, up-to-date record of Beazley's Cyber Compliance status including current supporting documentation
  • Highlight control deficiencies and assist in creating and overseeing remediation plans
  • Maintain a central Compliance action plan
  • Create and maintain a calendar of compliance activities aligned with the wider Compliance Team schedule
  • Work alongside the Internal Audit Team to establish the inputs into Internal Audits and agree auditing topics and schedules
  • Act as the point of contact and coordination for internal and external cyber audits, certifications and regulatory compliance requests, including liaison with third-party auditors and Beazley's Compliance and Audit teams
  • Act as the subject matter expert for Cyber Compliance requirements
  • Work with Compliance team to ensure cyber regulatory requirements and changes are identified, defined and communicated to the correct stakeholders

Reporting & Documentation

  • Prepare detailed reports on compliance activities and status including control assessments, regulatory compliance and policy compliance
  • Ensure regulatory reporting requirements are defined and maintained in line with current regulatory landscape
  • Provide compliance input into Governance Committees

Collaboration: Work closely with control owners, risk owners, Compliance, Second and Third Line to ensure that information security compliance requirements are integrated into business operations, systems, and technologies and working effectively.

Skills and Abilities

Knowledge and Experience

  • At least 5 years' experience within Cyber Compliance (GRC)
  • Hands-on experience of creating Compliance Frameworks
  • Deep knowledge and practical implementation of industry frameworks (ISO, NIST, COBIT)
  • Audit experience (ISO27001 Lead Auditor or equivalent)
  • Good knowledge of the cyber security regulation in all territories in which Beazley operates.
  • Experience with GRC platforms or compliance automation tools
  • Certifications such as CISSP, CISM, or CISA would be advantageous
  • Experience working with stakeholders across both IT and the business
  • Ability to handle sensitive situations with discretion and employ high ethical standards.

Aptitude and Disposition

  • Outcome focussed, self-motivated, flexible and enthusiastic.
  • Professional approach to successfully interact with managers/colleagues/external suppliers.

Competencies

  • Technical expertise
  • Conceptual thinking and problem solving
  • Collaboration
  • Planning and managing resources effectively
  • Delivery orientation, initiative and drive
  • Purposeful communication and capacity to influence others.
  • Team player
  • Customer and business focused.

Job ID: 146756323
