Information Security Manager
Job description
The Information Security Manager will play a pivotal role in safeguarding the confidentiality, integrity, and availability of Miller's systems and data. They will implement Miller's information security strategy to ensure the organisation's security posture evolves in line with ever-changing threats and regulatory requirements. The role involves supporting the day-to-day operations of the information security team to ensure Miller's security controls are functioning effectively, collaborating across the business to facilitate secure project delivery, conducting comprehensive risk assessments, overseeing third-party security engagements, and contributing to the development of our evolving security posture. This is a hands-on role ideal for someone who enjoys both strategic thinking and rolling up their sleeves to get things done.
Tech, Data and Innovation
The team supports and enhances all technology-based services to Miller with the aim of supporting and extending the business' service range and excellence. Activities are carried out and managed against the Corporate Business Plan and Board/Business Unit priorities.
Role Responsibilities:
- Implement Miller's information security strategy to ensure controls are matured and effectively designed to address present and future cyber threats, as well as regulatory requirements.
- Ensure compliance and alignment with frameworks such as Cyber Essentials, GDPR, DORA, and other relevant standards.
- Monitor developments in information security legislation and regulation, and report relevant updates to the Head of Information Security.
- Develop and enforce Miller's information security policies, processes, procedures, and standards.
- Establish and implement procedures to maintain security and protect systems from unauthorised access and misuse.
- Assist in identifying, assessing, and prioritising cybersecurity risks. Implement risk mitigation strategies and track the effectiveness of security measures by conducting regular security risk assessments and audits.
- Manage Miller's third-party risk management process, including vendor risk assessments and ongoing security reviews.
- Lead or support responses to security incidents, including investigation, containment, root cause analysis, and reporting, while working with internal teams to refine incident response processes.
- Foster a culture of security awareness across the organisation.
- Design and deliver cybersecurity awareness programmes and training sessions for employees.
- Conduct phishing simulation tests to gain insights into Miller's information security culture.
- Provide support and guidance on information security matters.
- Offer information security requirements and guidance for Miller projects and initiatives.
- Undertake ad hoc projects and duties as needed to support business requirements or departmental objectives.
- Communicate effectively with stakeholders, including engineers, product managers, operations teams, senior management, and auditors, regarding Miller's security posture, risks, and mitigation strategies.
- Comply with external rules and requirements relevant to the role, such as Lloyd's byelaws and FCA regulations.
- Adhere to policies and procedures related to compliance, legal matters, and financial crime legislation and regulations applicable to Miller.
- Represent the Miller brand and values to enhance the organisation's reputation in the marketplace.
Requirements
Experience in root cause analysis; CISSP/CISM certification or equivalent.
Knowledge
- Strong knowledge and understanding of information security frameworks, standards, and legislation including Cyber Essentials, ISO27001, GDPR, NIST CSF and DORA.
- Strong understanding of the business impact of security tools, technologies and policies.
- Hands-on, pragmatic approach with the ability to operate in a lean, fast-paced environment.
- Excellent communication skills, with the ability to engage both technical and non-technical stakeholders.
- Innovative mindset with a passion for staying current in the ever-evolving cyber landscape.
Experience
- Must have:
  - Previous management experience, including the ability to develop and guide information security team members and IT operations personnel, and work with minimal supervision.
  - Experience working with Cyber Essentials, GDPR and preferably DORA, ISO27001/NIST CSF.
  - Experience in the broader financial services industry or within a regulated industry.
  - Experience working with auditors or regulators.
- Nice to have:
  - Specific experience with Insurance Brokers.
  - Experience in International / Multi-location environments.
Benefits & conditions
On top of a competitive salary we offer a fantastic benefits package including:
- 10% pension contribution from Miller. In addition, Miller will match any employee contributions up to 5%.
- Private Medical Insurance
- Medicare cash plan
- Minimum of 25 days annual leave (with flexibility to buy more)
- Life Assurance
- Income Protection
- Critical Illness cover
- Enhanced Maternity, Paternity, Adoption and Shared Parental Leave
Miller is committed to providing equal opportunities to all applicants and to creating an inclusive working environment for all.
To foster greater diversity, we need an inclusive, open and supportive working environment where everyone is valued, respected and able to meet their full potential.