Head of Information Security (London)

London | Full-Time | 72000 - 108000 £ / year (est.) | No home office possible

At a Glance

  • Tasks: Lead and manage key security programmes, focusing on risk management and data protection.
  • Company: Join a dynamic insurance company that values passion and innovation in the IT sector.
  • Benefits: Enjoy a permanent full-time role with opportunities for growth and collaboration.
  • Why this job: Be part of a leadership team shaping security strategy while making a real impact.
  • Qualifications: Proven leadership in information security with knowledge of regulatory frameworks required.
  • Other info: Embrace a fun and inclusive culture where challenging the norm is encouraged.

The predicted salary is between 72000 - 108000 £ per year.

Head of Information Security

Department: IT Operations

Employment Type: Permanent – Full Time

Location: London

Reporting To: Kirsty Kelly

Description

As Head of Information Security, you will report directly into the Group CISO, and be responsible for leading and managing key pillars of our security programme, with a primary focus on Third-Party Security Risk Management, Data Loss Prevention (DLP), Policy Governance, Security Training & Awareness, and Identity & Access Management (IAM).

You will work closely with the Group CISO to ensure consistently high standards in your areas of responsibility and global adherence to security practices. The ideal candidate will have deep knowledge of regulatory frameworks such as NYDFS Cybersecurity Regulation, GDPR, and other European and Australian data protection laws, and will bring a proactive, risk-based approach to the governance and operationalisation of security controls.

About the role

Within this role, you will act as a member of the CISO’s leadership team, contributing to security strategy, budgeting, and cross-functional planning. This involves supporting the CISO to build and manage a high-performing team aligned with the security program’s objectives. Other key responsibilities include:

  • Managing cyber incidents, supporting the CISO and CISO team in co-ordinating the management of these events globally.
  • Managing vendor relationships within your areas of responsibility, including renewals, negotiations, contract updates and regular touch points with the vendors.
  • Working collaboratively with legal, procurement, and operational resilience teams to ensure Third Party Risk Management is being supported end-to-end and the correct due diligence is in place to monitor our supply chain, along with SLAs.
  • Leading the assessment, onboarding, and continuous monitoring of third-party vendors.
  • Implementing and refining risk-based frameworks and tools for evaluating vendor security posture with an aim of continuously monitoring and evaluating the CFC supply chain.
  • Maintaining, updating, and socialising security policies, standards, and procedures to reflect evolving threats, technologies, and regulations.
  • Overseeing DLP strategy to prevent unauthorised data access, use, or transfer, which involves continuously tuning DLP tooling, policies and rules to align with emerging threats and business needs, and coordinating incident response activities related to DLP alerts.
  • Developing a company-wide security awareness and training program, including tailoring training to address emerging risks, regulatory obligations, and role-specific responsibilities, and measuring and reporting on the effectiveness of this training.
  • Directing the strategy and operations for IAM, including provisioning, access reviews, and privileged access management.
  • Partnering with IT to integrate IAM best practices into enterprise systems and workflows.
  • Working closely with the CISO to ensure security controls meet compliance obligations under NYDFS, GDPR, and relevant global financial regulations.

About you

The ideal candidate for this role will come with proven leadership in information security governance within a regulated environment. We will also be looking for someone with a strong familiarity with UK and international regulatory frameworks in the US, Europe and Australia. You will also be:

  • Adept at translating complex regulatory or technical requirements into practical business-aligned controls, policies and processes.
  • Comfortable working with audit and compliance stakeholders during assessments, certifications, or investigations.
  • From a strong background in information security frameworks, standards, and regulatory requirements including a strong understanding of enterprise IT and security architecture, cloud security, data protection, threat management, and incident response.
  • Proficient in developing programme and project management reporting and documentation.
  • Able to manage third-party vendors, MSSPs, and contract negotiations.

Core Values

Love what you do:
We show up each day ready to take on the world. Our passion and intensity set us apart and make the difference to our colleagues, customers, brokers and carriers.

Challenge everything:
We’re never afraid to question the way that things are done and we constantly challenge ourselves and others to make things better.

Have fun, be good:
Insurance is a serious business, but we don’t take ourselves too seriously. We make it fun to work at CFC, we welcome all viewpoints, and we treat everyone how we would expect to be treated.

Head of Information Security (London) employer: Starr Underwriting

CFC is an exceptional employer, offering a dynamic work environment in the heart of London where innovation and collaboration thrive. As the Head of Information Security, you will be part of a passionate team dedicated to maintaining high security standards while enjoying opportunities for professional growth and development. With a culture that values challenging the status quo and having fun at work, CFC ensures that employees are engaged and motivated to make a meaningful impact.

Contact Detail:

Starr Underwriting Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Head of Information Security (London)

✨Tip Number 1

Network with professionals in the information security field, especially those who have experience with regulatory frameworks like GDPR and NYDFS. Attend industry events or webinars to connect with potential colleagues and learn about the latest trends in security management.

✨Tip Number 2

Familiarise yourself with the specific security tools and frameworks mentioned in the job description, such as Data Loss Prevention (DLP) and Identity & Access Management (IAM). Being able to discuss these in detail during an interview will demonstrate your expertise and readiness for the role.

✨Tip Number 3

Prepare to showcase your leadership skills by gathering examples of how you've successfully managed teams or projects in the past. Highlight your ability to translate complex regulatory requirements into actionable strategies, as this is a key aspect of the role.

✨Tip Number 4

Research StudySmarter's company culture and values, particularly their emphasis on passion, challenging the status quo, and having fun at work. Be ready to discuss how your personal values align with theirs, as cultural fit is often just as important as technical skills.

We think you need these skills to ace Head of Information Security (London)

Leadership in Information Security Governance
Knowledge of Regulatory Frameworks (NYDFS, GDPR, etc.)
Risk Management
Third-Party Risk Management
Data Loss Prevention (DLP)
Policy Governance
Security Training & Awareness
Identity & Access Management (IAM)
Incident Response Management
Vendor Relationship Management
Contract Negotiation
Audit and Compliance Familiarity
Enterprise IT and Security Architecture
Cloud Security
Threat Management
Programme and Project Management Reporting

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in information security governance, particularly within regulated environments. Emphasise your familiarity with regulatory frameworks like GDPR and NYDFS, as well as your leadership skills.

Craft a Compelling Cover Letter: In your cover letter, express your passion for information security and how your background aligns with the responsibilities of the Head of Information Security role. Mention specific achievements that demonstrate your ability to manage third-party risk and lead security initiatives.

Showcase Your Knowledge: During the application process, be prepared to discuss your understanding of security policies, data loss prevention strategies, and identity and access management. Highlight any experience you have with developing training programs or managing cyber incidents.

Proofread and Edit: Before submitting your application, carefully proofread your documents for any spelling or grammatical errors. A polished application reflects your attention to detail, which is crucial in the field of information security.

How to prepare for a job interview at Starr Underwriting

✨Understand Regulatory Frameworks

Make sure you have a solid grasp of key regulatory frameworks like GDPR and NYDFS Cybersecurity Regulation. Be prepared to discuss how these regulations impact security practices and how you would ensure compliance within the organisation.

✨Showcase Leadership Experience

As this role involves leading a team, be ready to share examples of your previous leadership experiences in information security. Highlight how you've built high-performing teams and contributed to security strategy in past roles.

✨Demonstrate Risk Management Skills

Prepare to discuss your approach to risk management, particularly in relation to Third-Party Security Risk Management. Be specific about frameworks or tools you've implemented to evaluate vendor security posture and how you've handled incidents.

✨Engage with Security Training Initiatives

Since developing a company-wide security awareness programme is part of the role, think about how you would tailor training to address emerging risks. Be ready to discuss any previous experience you have in creating or managing security training initiatives.
