Business Information Security Officer (BISO)

Role:Business Information Security Officer Location: London – Hybrid Position: Full time, permanent The Business Information Security Officer (BISO) plays a pivotal role in bridging the gap between business objectives, cybersecurity, and data protection strategy. The role focuses on excellence in protecting, detecting, resolving, mitigating, recovering, and learning from potential security exposures. The BISO will manage execution to ensure MS Amlin maintains an appropriate cybersecurity and data protection posture across its ecosystem. It serves as a liaison between business leaders, cybersecurity teams, third parties, partners, market, and regulatory stakeholders, promoting a strong security culture and contributing to cybersecurity protection, resilience, and response capabilities. Key Responsibilities: Embed Information Security and Data Protection Strategy: serve as a trusted contact across MS Amlin, ensuring uniform cybersecurity policies and practices. Collaborate with security teams to implement policies related to security operations, incident response, application security, and infrastructure. Assess and contribute to strategies for security practices, controls, resilience, risk identification, and responses. Advise on and embed the information security framework and certifications appropriate to the organization. Work with stakeholders to assess impacts of projects, solutions, partnerships, and regulations on security and data protection. Enable horizon scanning for threats, vulnerabilities, and mitigations, and collaborate on protective measures. Ensure compliance and vulnerability closure for operational resilience and relevant regulations. Report on cybersecurity and data protection capabilities, recovery, and response plans, focusing on continual improvement. Ensure disaster recovery and backup procedures are adequate and maintained. Maintain relevant cyber certifications and frameworks (e.g., NIST, ISO27001, CIS, CQUEST). Assess the impact of cyber frameworks, laws, and standards on business operations and implement measures for compliance. Conduct security content training and disseminate cybersecurity information effectively. Develop standards and assess risks of third-party relationships, advising on mitigations. Advocacy: Motivate prioritization of cybersecurity controls and streamline security measures. Work with the business to incorporate security-by-design principles into projects and infrastructure. Establish and embed security standards, resilience, response, and recovery capabilities across stakeholders. Represent MS Amlin professionally and with integrity internally and externally. Dimensions: The BISO reports to the Head of Operational and Cyber Resilience and the Operations Director. The role involves working closely with senior stakeholders across various departments to monitor and resolve issues and ensure capability alignment. Preparation of regulatory reports to FCA, Lloyd’s, PRA, auditors, and board members, along with high-quality MI packs and board papers for senior stakeholders. Ideal Candidate Profile: Ability to thrive in fast-paced, dynamic environments. Strong stakeholder engagement and communication skills. Knowledge of national and global cybersecurity policies, regulations, and frameworks. Experience with cybersecurity solutions, incident response, and data protection laws. Experience in financial services, especially insurance or Lloyd’s market, and project management. Certifications such as CISSP, CISM, CRISC, or CISA are preferred but not essential. What We Offer: Performance-related discretionary bonus. 28 days holiday plus option to buy 5 more. Pension scheme with employer contributions. Private medical insurance for employee and dependents. Flexible benefits fund (£1,000). Life assurance (10x salary). Enhanced parental leave. Support for continuous learning and professional qualifications. Annual health screening, cycle-to-work, season ticket loan, and more. About MS Amlin: MS Amlin is part of MS&AD, a global top-10 insurance group, comprising reinsurance, Lloyd’s franchise, local specialty insurer, and business services.#J-18808-Ljbffr