Chief Information Security Officer (CISO)

My client, a top International Insurance firm, based in London, are looking for a Chief Information Security Officer. For this role it is two days per week in the office. These are the key non-negotiable requirements (the below is the standard JD but the bits in bold here are the actual key requiremetns from the business:

- Come from a tech background i.e. be hands on

- Been involed in Security technology transformation projects

- Been able to operate in a product agile way

- Strong leadership, board level presence

- Dealing directly with regulators

- Know securtiy insdie out around applications/infrastructure, security products

About the CISO role:

Job overview: Are you a strategic security leader with a passion for safeguarding assets, data, and reputation in a complex financial environment? My client is committed to protecting their customers, employees, and business operations through innovative security strategies and industry-leading practices. As their UK&I Chief Security Officer, you'll be at the forefront of defining and executing our security vision, ensuring regulatory compliance, and driving resilience across our organisation. This is a unique opportunity to make a tangible impact at a leading insurer, shaping the future of security in an evolving industry.

Key responsibilities:

• Lead the development and execution of the UK&I security strategy, ensuring alignment with corporate standards and regulatory requirements.
• Oversee security governance frameworks, monitor KPIs and KRIs, and report on security performance to senior leadership and the board.
• Manage risk assessment and mitigation activities, including control implementation, assurance programs, and audit responses.
• Drive incident response, business continuity, and resilience initiatives to safeguard physical and information security.
• Ensure ongoing compliance with FCA, PRA, and other relevant regulatory standards; support audits and maintain certifications.
• Lead, motivate, and develop security teams and collaborate with Group security functions to ensure consistency and effectiveness.
• Promote a security-aware culture through training, awareness campaigns, and embedding security best practices across the organisation.
• Represent my client at external industry forums, regulators, and security bodies to influence standards and maintain the organisation’s reputation.

Work arrangements: At my client they work smart, empowering our people to balance their time between home and the office in a way that works best for them, their team and our customers. You'll work at least two days a week (40%) away from home, moving to three days a week (60%) in the future. Away from home means attending the office, visiting clients or attending industry events.

Your skills & experience:

• Extensive experience managing security in large, complex organisations, within the financial services sector.
• Strong leadership and influencing skills, with the ability to manage and motivate large teams and engage stakeholders at all levels.
• Deep expertise in information security architecture, cloud security, risk assessment, and control frameworks (ISO 27001, NIST).
• Proven ability to develop and implement strategic security initiatives aligned with business objectives.
• Demonstrated experience managing substantial budgets and leading large-scale security projects.
• Excellent communication skills, capable of articulating complex security concepts to non-technical audiences and senior executives.
• A degree in Information Technology, Cybersecurity, or a related field; professional certifications such as CISM, CISSP, or ISO 27001 Lead Implementer are preferred.
• Resilience, adaptability, and a proactive approach to emerging threats and industry trends.

Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates