Cybersecurity Risk & Compliance management plays a pivotal role in embedding a culture of cyber risk and control management across the Lockton business. Cybersecurity risk management capability is a key component in enabling Lockton to inform and manage its enterprise risk profile. The Cybersecurity Risk & Compliance Lead will enable this by establishing cyber risk management program, processes to assess and manage Lockton’s cyber risk profile. They will build processes to identify, communicate, measure and report the operational effectiveness of Lockton’s cyber controls. They will be responsible for articulating cyber risk to enable decision-making towards finding the optimum balance between security risks and controls while enabling the business. Working closely with cross-functional teams, they will provide expert guidance on security best practices, risk management, and compliance requirements. The scope of this role is global, and they will report directly to the Global Chief Information Security Officer.

You will have overall accountability for:

•    Cybersecurity Risk Management and Controls
•    Maintain and mature Lockton’s cyber risk management program.
•    Maintain and continually improve Lockton’s key cyber control framework, including alignment to global standards.
•    Maintain an accurate view of Lockton’s cybersecurity risk profile across the globe through regular risk assessment and management.
•    Work with product and platform owners to ensure a common understanding of the control requirements for business-critical assets.
•    Adopt a data driven approach to measuring the effectiveness of Lockton’s cyber controls.
•    Maintain Third Party and First Party Risk Management programs
•    Maintain New System Security Risk Assessment process
•    Maintain Security Awareness and Training program
•    Maintain and continually improve Lockton’s processes for measuring and managing risk across our contracted third parties.
•    Maintain an accurate view of our risk profile across third-party suppliers.
•    Cybersecurity Posture Reporting
•    Maintain and continually improve Lockton’s cybersecurity metrics framework to measure the effectiveness of controls.
•    Identify opportunities to introduce automation over control effectiveness measurement.
•    Produce executive and stakeholder reporting on the Cyber posture of the organization.
•    Foster a culture of Cyber risk & compliance management across the organization.
•    Seek solutions to enable the business by leveraging insights. 
•    Cybersecurity Policy Development
•    Maintain global security policies and standards.
•    Assist in completion of internal and external audits and regulatory assessments.

What will set you apart from the rest?

•    Strong influencer - Ability to form open, effective, and trusting relationships with business and IT leaders
•    Strong communicator - Excellent communications skills, both written and verbal, and the ability to translate security principles and risks into business terms
•    Strong leadership acumen - Passionate about driving and sustaining change and innovation through committed leadership. Servant-leader mindset.
•    Previous experience building and maturing multi-country cyber GRC programs
•    Creative and results-oriented, who is good at balancing multiple priorities and issues
•    Strong collaborator - Team player up and down the organizational structure, ability to partner with global IT/ Security/risk departments
•    Provides a high level of professional service to customers (both internal and external) consistent with Lockton standards and procedures.
•    Self-starter and strong organizational skills in a fast-paced environment
•    Actively listen to other team members
•    Finding new ways of solving problems
•    Able to accept and action feedback

•    Bachelor’s or master’s degree in computer science, Information Assurance, MIS or related field or equivalent. 
•    Minimum 10 years of experience in information security, with a minimum of 5 years in cyber risk management, building and maturing cyber risk management/GRC programs
•    Preferred relevant certifications such as CISSP, CRISC, CGEIT, CISM and/or SANS certifications
•    Broad understanding of cybersecurity risks and control domains such as Network Security, Identity Security, Cloud Security, Data Protection.
•    Deep expertise with Security frameworks, including NIST and ISO27001.
•    Expertise with Risk Management frameworks and experience in measuring risk.
•    Expertise in measuring effectiveness of security controls.
•    Data and analytics mindset.
•    Employing authentic storytelling techniques to drive compelling stories and messages.