Strategic BISO: Cyber Risk & Security Strategy (London)

The Business Information Security Officer (BISO) serves as a vital strategic partner to technology and business leaders within LII of the GRS Strategic Business Unit (SBU). This role is at the forefront of implementing Liberty Mutual’s cybersecurity program, proactively aligning SBU objectives with the enterprise security strategy. As a trusted business enabler, the BISO ensures all business decisions adhere to corporate security policies and are executed with a strong security mindset—without compromising speed, agility, or business outcomes.

Leveraging a deep understanding of SBU strategic security needs, the BISO significantly influences the prioritization and delivery of security service features and the development of new security solutions. The BISO is committed to fostering a strong security culture, continuously improving security processes and technologies to protect our policyholders and employees. With a keen awareness of industry trends, the BISO champions security awareness and best practices across all employees.

About the Department & Team: Liberty International Insurance (LII) within the Global Retail Solutions (GRS) is one of Liberty Mutual’s core markets, focused on serving commercial and retail insurance customers. LII delivers specialized insurance solutions in partnership with customers, agents, and brokers across 27 countries, reflecting a truly global reach and commitment to excellence.

Responsibilities

• Build and nurture strong partnerships with SBU stakeholders—including IT leadership, Product Owners, and senior business executives—to foster trust and drive efficient program implementation.
• Balance individual customer needs with broader business priorities, ensuring alignment with Global Cybersecurity strategies.
• Participate actively in SBU program increment planning events and, as a dotted-line member of the LII CIO leadership team, help cascade and influence a strategic cyber risk management vision that supports innovation and business execution.
• Influence the prioritization and delivery of security services, as well as the development of new security products and features.
• Support the creation and execution of risk remediation action plans and manage exception processes as needed.
• Ensure the prioritization of security initiatives within SBU teams is balanced effectively alongside other business priorities.
• Drive shared accountability for the development and ongoing management of secure applications.
• Collaborate with other BISOs, the Market Strategy & Delivery Leader and the CISO to define and communicate key performance indicators (KPIs), key risk indicators (KRIs), and relevant metrics.
• Stay abreast of the evolving threat landscape and advise stakeholders on emerging risks and recommended courses of action.
• Commit to ongoing professional development, especially in areas of regulatory change, technology evolution, and cybersecurity and privacy trends—applying this knowledge to enhance global strategies and programs.
• Partner with local counsel on incident response and regulatory compliance matters as applicable.
• Support SOC and/or legal functions by assisting in the management of security incidents and events to safeguard IT assets, regulated data, and the company’s reputation.
• Champion third-party risk management by advising business owners on vendor engagement, remediation efforts, and continuous monitoring actions.
• Advance the security champion program to deepen and broaden security engagement across SBU application development teams.
• Develop and maintain a robust network of industry contacts; conduct research on industry trends, competitive landscape, and emerging technologies to inform strategic and tactical recommendations.

Skills and Experience

• Bachelor's or Master's Degree in technical or business discipline or related experience; Master's Degree preferred.
• Experience in a leadership role.
• Demonstrated real world, hands on technical design and implementation experience.
• Strong familiarity with Information Security precepts, practices, and solutions.
• Extensive knowledge across a broad range of identity and access management technologies.
• In depth knowledge of IT concepts, strategies and methodologies and their application to business opportunities.
• In depth knowledge of project delivery, business operations, objectives and strategies.
• Advanced knowledge of management concepts, practices and techniques.
• Strong interpersonal skills with the ability to effectively influence others.
• Ability to build collaborative working relationships with a broad range of enterprise stakeholders.
• Strong decision making capabilities, with proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

Preferred location for the role is London with travel up to roughly 20% of the time across the regions to engage in-market with leadership teams, technology partners, and key stakeholders.