Deputy Chief Resilience and Security Officer

The Deputy CRSO builds strong, productive relationships across our global stakeholder and partner community and is responsible for day‑to‑day engagement with each of our Business Units and Regions. You will work closely with the CRSO and leadership team to support the development and execution of our strategy, programme and operating model, driving maturity and continuous improvement across all areas. You will support regulatory reporting, board reporting, risk reporting and internal/external audits. This is a high‑profile role, interacting with our most senior stakeholders and representing the CRSO at various internal and external working groups and committees.

You will need excellent communication and presentation skills, breadth and depth of experience in the operational resilience and security domains, and a complete understanding of the regulatory and risk landscape we operate in. You will be responsible for coordinating day‑to‑day productivity and ensuring an efficient, optimised service delivery across teams. Your expertise will help monitor overall team performance and maintain adequate resource and capacity plans. Occasionally you will deputise for the CRSO, acting with delegated authority. The Deputy CRSO is a member of the Resilience and Security Leadership Team.

• Develop and maintain stakeholder maps and business engagement plans; understand business strategies in detail, including priorities and services needed from Resilience and Security.
• Enable integrated delivery to the Business across all core CRSO services, providing a single point of contact and establishing an aggregate view of risks, projects and initiatives for each Business Unit.
• Ensure stakeholders understand risks relating to their environment and appropriate prioritisation of remediation to address out‑of‑tolerance risks.
• Monitor and manage day‑to‑day performance, productivity and efficiency of the function; identify optimisation areas to drive continuous improvement.
• Continuously assess, mature and optimise our ways of working.
• Support the leadership team in developing and delivering the Resilience and Security strategy and associated initiatives; ensure alignment to Business and adjacent Group strategies.
• Build and manage long‑term strategic relationships with internal stakeholders and regulators.
• Monitor the risk and regulatory landscape and plan initiatives to meet emerging requirements.
• Represent the CRSO at internal and external governance boards and working groups.
• Manage and maintain current risk and audit commitments, including reporting.
• Build and manage partner relationships with third‑party suppliers and professional networks.
• Actively identify and promote new initiatives, build business cases and measure benefit realisation.
• Coach and mentor the wider team; foster an environment that promotes technical excellence and collaboration.
• Identify, measure and manage key performance metrics across all services and contracts – including KPIs, KRIs and SLAs – and identify areas for improvement across the department and wider organisation.

• Minimum of 10 years’ experience in security and resilience management, with at least 5 years in a senior leadership role.
• Experience within the Insurance sector (ideally) or wider FS sector.
• Proven track record of building high‑performing teams and capabilities.
• Broad and deep knowledge across the security and resilience domains, including strategy, design, operating models, frameworks, assurance and operations.
• Excellent technical knowledge of controls, preferably gained from hands‑on experience.
• Excellent knowledge of current and emerging threats, risks and regulatory requirements for cyber‑security and operational resilience in financial services (preferably insurance).
• Strong commercial awareness and ability to manage budgets and prepare financial forecasts.
• Highly effective communication and stakeholder management skills.
• Competent knowledge of risk management frameworks.
• Experience identifying and planning security initiatives and building investment cases.
• Strong leadership and team management skills and experience, with the ability to motivate and develop people.
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent certification is desirable.

We hire the best people for the job and we’re committed to diversity and creating a truly inclusive culture, which we believe drives success.