Lead Information Security in Hamilton

We’re looking for a Lead Information Security professional for a U.S. based role within the Eastern Standard Time Zone. This role reports to Hamilton’s global Chief Information Security Officer. The Lead Information Security professional provides leadership and subject-matter expertise across the organization’s information and cyber security function. This role has a strong regulatory, governance, and operational resilience focus, ensuring the organization meets its obligations under ISO/IEC 27001, ISO 22301, DORA, FCA/PRA, and NYDFS, alongside other applicable global regulatory and supervisory requirements. The role holder plays a critical role in shaping security strategy, influencing risk decisions, and ensuring security and resilience are embedded across technology, business, and third-party operations.

What you will do

• Information Security Governance & Regulatory Compliance
  • Lead and maintain the organization’s information security governance framework, aligned to ISO/IEC 27001, including policies, standards, and control frameworks.
  • Provide alignment between cyber security program and ISO 22301.
  • Drive compliance with DORA (Digital Operational Resilience Act), including ICT risk management, incident reporting, resilience testing, and third-party oversight.
  • Ensure ongoing alignment with Lloyd's of London, FCA and PRA regulatory expectations, including operational resilience, outsourcing, and technology risk management.
  • Oversee compliance with NYDFS Cybersecurity Regulation (23 NYCRR 500) where applicable.
  • Monitor emerging regulatory requirements and translate them into actionable security and resilience initiatives.
  • Act as a senior point of contact for regulators, auditors, and external assessors, supporting regulatory reviews, audits, and formal submissions.
• Risk Management & Assurance
  • Provide leadership for enterprise information and cyber security risk management.
  • Support the definition and maintenance of security risk appetite, tolerances, and risk acceptance processes.
  • Review and challenge security risk assessments for critical systems, cloud platforms, major change programs, and third-party arrangements.
  • Oversee security control assurance, testing, and remediation tracking.
  • Produce clear, risk-focused reporting for executive management, risk committees, and the Board.
• Operational Resilience & Cyber Incident Management
  • Provide oversight of cyber incident management, ensuring compliance with regulatory notification and reporting requirements (e.g. DORA, FCA, NYDFS).
  • Act as a decision-maker during major incidents, crisis situations, and cyber events.
  • Ensure regular testing of incident response, crisis management, and business continuity plans, with lessons learned embedded into practice.
• Third-Party & Supply Chain Security
  • Oversee third-party and supply-chain security risk management, including due diligence, contractual controls, and ongoing monitoring.
  • Ensure compliance with regulatory expectations for outsourcing, material third parties, and ICT service providers, particularly under DORA and FCA/PRA rules.
  • Work closely with Legal, Vendor Management/Procurement, and Risk functions to embed security and resilience requirements into contracts and operating models.
• Leadership & Stakeholder Engagement
  • Provide leadership across the information security function.
  • Build strong relationships within Information Technology, Risk, Compliance, Legal, Internal Audit, and Business leadership.
  • Promote a strong security, resilience, and risk-aware culture across the organization.

What you require for the role

• Essential
  • Extensive senior experience as an information security leader or senior information security professional in complex, regulated environments.
  • Deep practical experience with ISO/IEC 27001 (ISMS design, implementation, and assurance).
  • Strong experience with ISO 22301 and operational resilience frameworks.
  • Demonstrable experience delivering or governing compliance with DORA.
  • Strong understanding of FCA and PRA supervisory expectations related to cyber security, technology risk, and operational resilience.
  • Experience with NYDFS Cybersecurity Regulation (23 NYCRR 500) or equivalent international frameworks.
  • Proven ability to engage confidently with regulators and auditors.
  • Strong ability to translate complex technical and regulatory issues into clear business risk decisions.
• Desirable
  • Background in financial services, banking, insurance, payments, or other highly regulated sectors.
  • Experience leading regulatory remediation, control uplift, or transformation programs.
  • Exposure to cloud security governance and complex third-party ecosystems.

Qualifications & Certifications

• Degree in Information Security, Computer Science, Risk Management, or equivalent experience.
• CISSP certification is strongly preferred. Equivalent certifications such as CISM, CRISC, or ISO 27001 Lead Implementer/Lead Auditor are also highly desirable.

Personal Attributes

• High integrity with strong ethical judgement.
• Calm, authoritative presence in high-pressure or regulatory situations.
• Excellent written and verbal communication skills.
• Confident, pragmatic leader with the ability to challenge constructively.
• Team player and business goals oriented.

What you can expect from us

We offer a vibrant, entrepreneurial, and collaborative culture guided by our values: Be Smart, Be Sensible, Be Open and Be More. We know if we welcome and respect differences, we’ll attract and retain talent that brings a valuable diversity of perspectives and experience. We want all our colleagues to feel that they can bring their whole selves to work at Hamilton and know that they can be part of building a great company. Hamilton offers a competitive salary with an annual performance-based target bonus and a comprehensive benefits package, to include:

• Hybrid working
• Matching 401K plan
• Medical, dental, vision, life, disability
• Generous time off (including parental leave)
• Continued support for professional development
• Gym subsidy
• My day (additional days leave for personal interests/wellness/charity work)

In good company. Hamilton (NYSE: HG) underwrites specialty insurance and reinsurance risks on a global basis through its wholly owned subsidiaries. Its three underwriting platforms: Hamilton Global Specialty, Hamilton Select and Hamilton Re, each with dedicated and experienced leadership, provide access to diversified and profitable business around the world. Headquartered in Bermuda, Hamilton has over 600 employees with key underwriting operations in London, Bermuda, the US and Dublin. We work collaboratively, we share a passion for the service and results we deliver, and we know that what we do each day is meaningful – to our customers and our business. We believe we are ‘In good company.’ with everyone we interact with.