Information Security Manager in London

Headquartered in London, we operate internationally and at Lloyd’s. With a global team of over 1000 people and 10 international offices, we’re able to advise from Brussels to Bermuda. As an independent (re)insurance broking firm we work with intermediaries, direct insureds and reinsurers. For over 120 years we’ve been industry leaders in a variety of specialist areas.

Working here: A career with us means the freedom to flourish. Whether you’re beginning your journey or ready to make your next move you’ll find a team of talented, inspirational people who care about their work and each other. What really sets us apart is our people. We’re a diverse range of passionate advocates for doing things differently. We work together as one team, and our aim is to achieve outcomes that will benefit everyone.

What you’ll do: The Information Security Manager will play a pivotal role in safeguarding the confidentiality, integrity, and availability of Miller’s systems and data. They will implement Miller’s information security strategy to ensure the organisation's security posture evolves in line with ever‑changing threats and regulatory requirements. The role involves supporting the day‑to‑day operations of the information security team to ensure Miller’s security controls are functioning effectively, collaborating across the business to facilitate secure project delivery, conducting comprehensive risk assessments, overseeing third‑party security engagements, and contributing to the development of our evolving security posture. This is a hands‑on role ideal for someone who enjoys both strategic thinking and rolling up their sleeves to get things done.

Role Responsibilities:

• Implement Miller’s information security strategy to ensure controls are matured and effectively designed to address present and future cyber threats, as well as regulatory requirements.
• Ensure compliance and alignment with frameworks such as Cyber Essentials, GDPR, DORA, and other relevant standards.
• Monitor developments in information security legislation and regulation, and report relevant updates to the Head of Information Security.
• Develop and enforce Miller’s information security policies, processes, procedures, and standards.
• Establish and implement procedures to maintain security and protect systems from unauthorised access and misuse.
• Assist in identifying, assessing, and prioritising cybersecurity risks. Implement risk mitigation strategies and track the effectiveness of security measures by conducting regular security risk assessments and audits.
• Manage Miller’s third‑party risk management process, including vendor risk assessments and ongoing security reviews.
• Lead or support responses to security incidents, including investigation, containment, root cause analysis, and reporting, while working with internal teams to refine incident response processes.
• Foster a culture of security awareness across the organisation.
• Design and deliver cybersecurity awareness programmes and training sessions for employees.
• Conduct phishing simulation tests to gain insights into Miller’s information security culture.
• Provide support and guidance on information security matters.
• Offer information security requirements and guidance for Miller projects and initiatives.
• Undertake ad hoc projects and duties as needed to support business requirements or departmental objectives.
• Communicate effectively with stakeholders, including engineers, product managers, operations teams, senior management, and auditors, regarding Miller’s security posture, risks, and mitigation strategies.
• Comply with external rules and requirements relevant to the role, such as Lloyd’s byelaws and FCA regulations.
• Adhere to policies and procedures related to compliance, legal matters, and financial crime legislation and regulations applicable to Miller.
• Represent the Miller brand and values to enhance the organisation’s reputation in the marketplace.

Qualifications:

• CISSP/CISM certification or equivalent.

Knowledge:

• Strong knowledge and understanding of information security frameworks, standards, and legislation including Cyber Essentials, ISO27001, GDPR, NIST CSF and DORA.
• Strong understanding of the business impact of security tools, technologies and policies.
• Hands‑on, pragmatic approach with the ability to operate in a lean, fast‑paced environment.
• Excellent communication skills, with the ability to engage both technical and non‑technical stakeholders.
• Innovative mindset with a passion for staying current in the ever‑evolving cyber landscape.

Experience:

• Must have: Previous management experience, including the ability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
• Experience working with Cyber Essentials, GDPR and preferably DORA, ISO27001/NIST CSF.
• Experience in the broader financial services industry or within a regulated industry.
• Experience working with auditors or regulators.

Nice to have:

• Specific experience with Insurance Brokers.
• Experience in International / Multi‑location environments.

Benefits:

• 10% pension contribution from Miller. In addition, Miller will match any employee contributions up to 5%.
• Minimum of 25 days annual leave (with flexibility to buy more).
• Critical Illness cover.
• Enhanced Maternity, Paternity Adoption and Shared Parental Leave.

Miller is committed to providing equal opportunities to all applicants and to creating an inclusive working environment for all. To foster greater diversity, we want an inclusive, open and supportive working environment where everyone is valued, respected and are able to meet their full potential. At Miller, we are committed to creating an inclusive and supportive environment for all candidates. If you require any adjustments or accommodations to support you during the application process, please don’t hesitate to let us know.