Head of Information Security - GRC

Reporting to the Chief Information Security Officer (CISO), you will lead the governance, risk, and compliance (GRC) function for Information Security across Allianz UK, including the supplier assurance team. This role ensures alignment with internal frameworks, regulatory requirements, and industry standards.

Key Accountabilities

• Governance & Strategy
  • Define and execute the InfoSec governance strategy aligned to business objectives and corporate risk appetite.
  • Lead the Governance annual self‑assessment, ensuring alignment with Allianz Group expectations.
  • Oversee the annual NIST, Cyber Essentials certification and PCI‑DSS attestation processes.
  • Ensure compliance with Allianz frameworks (AFRIT, AFRIS, AFIRM) and UK regulatory standards.
  • Develop and maintain the InfoSec control framework, integrating with AZC and AZP change governance.
• Risk Management
  • Own and manage Archer GRC platform activities, including risk identification, assessment, mitigation, and reporting.
  • Maintain the InfoSec risk register and ensure timely resolution of actions by risk owners.
  • Provide assurance that InfoSec risks are monitored and managed across operational and change environments.
  • Engage with Board Risk Committee, Compliance, and Audit to ensure InfoSec risk management is aligned with enterprise governance.
• Supplier Assurance
  • Oversee the information security assurance of third‑party suppliers, ensuring alignment with internal policies and regulatory requirements.
  • Maintain a supplier risk assessment framework, including onboarding, periodic reviews, and exit processes in line with Group requirements.
  • Ensure suppliers meet contractual InfoSec obligations and provide evidence of compliance (e.g., certifications, assessments).
  • Collaborate with Procurement, Legal, and Risk teams to manage supplier‑related risks and remediation activities.
  • Escalate key risks and issues to information security and OPSIT leadership as necessary.
• Reporting & Assurance
  • Lead the production of executive governance reporting and submissions to Allianz Group and local stakeholders.
  • Deliver regular board‑level reporting on information security posture, risk trends, and compliance status.
  • Act as IRCS Risk Officer for InfoSec, supporting AZC and AZP risk committees with governance MI.
  • Evaluate risk mitigation and audit response plans, escalating risks beyond appetite to senior leadership.
• Collaboration & Oversight
  • Partner with the wider OpsIT function and the business to embed InfoSec controls across BAU and project activities.
  • Ensure delivery of InfoSec quality, standards, and assurance functions with effective performance tracking.
  • Monitor the effectiveness of InfoSec controls and elevate deficiencies to the CIO and senior leadership.
• Technical Skills
  • Lead and oversee robust IS Governance & Risk frameworks based on industry standards within delivery methods and processes.
  • Ability to produce reports, presentations and formal papers for senior stakeholders.
  • Manage comprehensive security risk catalogue with clear ownership and tracking mechanisms.
  • Enhance security controls within IT delivery methods and associated processes.
  • Ensure quality assurance of security elements in change projects, collaborating with Change Directors.
  • Partner with CIO to maintain comprehensive security control oversight across operational environments.
  • Document, test, and remediate key security controls to maintain a secure technology environment.
  • Track and elevate audit findings, ensuring timely remediation of security issues.
  • Business‑focused security mindset with strong customer orientation.
  • Adaptability to evolving threat landscape.
  • Strategic relationship management across technical and business stakeholders.
• Experience
  • Extensive relevant experience in Information Security and risk management.
  • Strong track record of Group alignment and CXO committee exposure preferred.
  • Business knowledge of the insurance sector preferred.
  • Consulting experience or customer‑facing sales experience preferred.
  • Experience in using presentation tools to a high standard.

What We Will Offer You

• Recognised and rewarded for a job well done, we have a range of flexible benefits for you to choose from – so you can pick a package that’s perfect for you.
• We also offer flexible working options, global career opportunities across the wider Allianz Group, and fantastic career development and training.
• Flexible buy/sell holiday options
• Hybrid working
• Annual performance‑related bonus
• Contributory pension scheme
• Development days
• A discount up to 50% on a range of insurance products including car, home and pet
• Retail discounts
• Volunteering days

Integrity, Fairness, Inclusion & Trust

At Allianz, we believe in fostering an inclusive workforce and are proud to be an equal‐opportunity employer. Our commitment to equal opportunities, gender equity, and balanced gender representation is demonstrated by our numerous accreditations: EDGE certified for gender inclusion, Women in Finance Charter members, Disability Confident employer, Stonewall Diversity Champion, Business in the Community’s Race at Work Charter signatories, and Armed Forces Covenant gold standard employer. We embrace neurodiversity and welcome applications from neurodivergent and disabled candidates, offering tailored adjustments to ensure your success. We encourage our employees to advocate for their needs, whether it’s assistive technology, ergonomic equipment, mentoring, coaching, or flexible work arrangements.

Accessible Application for All

As part of the Disability Confident Scheme, we support candidates with disabilities or long‑term health conditions through the Offer an Interview Scheme, for those meeting the essential skills for the role. Contact our Resourcing team to opt into this scheme or for assistance with your application, including larger text, hard copies, or spoken applications.

Closing date 19/01/2026. We reserve the right to close the advert early if we reach enough applications.