Divisional CISO

With a company culture rooted in collaboration, expertise and innovation, we aim to promote progress and inspire our clients, employees, investors and communities to achieve their greatest potential. Our work is the catalyst that helps others achieve their goals. In short, We Enable Possibility℠.

Chief Information Security Officer

Role purpose

The Information Security Officer will provide management, leadership and delivery of information security and compliance services for Arch Insurance Europe. This role will be responsible for developing, implementing and maintaining a comprehensive risk-based information security program that aligns with the corporate program while at the same time addressing the specific needs of Arch Insurance Europe.

This role will also work in conjunction with the corporate Security team and the AEIS CISO, based in the US.

Key Responsibilities

• Facilitate the information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings. Work with stakeholders through the enterprise on identifying acceptable levels of residual risk. This can include both internal security assessments and assistance with third party software and other supplier assessments.
• Facilitate the implementation and adherence to IT aspects of the data retention policy.
• Provide information security subject matter guidance and expertise on architecture, design, software development, and other key operations and systems processes.
• Lead all vulnerability management related activities including the identification, prioritization and directing the remediation of security related vulnerabilities.
• Serve as the primary liaison between the corporate information security team and Arch Insurance Europe for all IT security related matters.
• Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the security.
• Ensure completion of required external cyber and related security risk assessments.
• Lead security incident planning and response activities.
• Support the IT Disaster Recovery Program ensuring it’s suitable, workable, and maintained/updated to reflect relevant changes across the global enterprise and aligns with the enterprise business continuity program.
• Assist with the annual IT DR testing activities with application and infrastructure owners.
• Assist in the development and operation of access recertification processes.
• Assist with all IT compliance and regulatory processes.
• Defines and governs the DEV-SEC-OPS process for securing all internal development
  
  

Role Requirements

Skills / Competencies

• Experience with ISO 27001/ISO27002, NIST Cybersecurity Framework, CIS Critical Security Controls, Cyber Essentials and Mitre Att&ck.
• Knowledge of modern disaster recovery and business continuity management concepts and leading practices for heavily virtualized environments.
• Experience with application security and secure coding practices.
• Experience in completing DPIAs in support of GDPR requirements.
• Knowledge of Windows and Linux operating systems.
• Hands on experience with security related tools such as SIEMS, IDS, network vulnerability scanners, application vulnerability scanners, anti-virus and forensic tools.
• Familiarity with network security architecture and network security monitoring.
• Knowledge of virtualization technologies.
• Excellent project management, planning and organizational skills.
• Strong interpersonal, influence and communication skills (written/verbal/presentation) at multiple levels and across boundaries; appropriately shares viewpoint and encourages the free exchange of information and opinions.
• Demonstrated ability to work successfully within a geographically distributed team and to build effective working relationships.
• Effective strategic planning and decision making abilities.
• Strong analytical / problem solving skills.
  
  

Qualifications & Experience

• Microsoft Azure security.
• Ideally degree educated
• Minimum 5 years experience in an Information Security role.
• Ideally some experience working in an Insurance company.
  
  

Do you like solving complex business problems, working with talented colleagues and have an innovative mindset? Arch may be a great fit for you. If this job isn’t the right fit but you’re interested in working for Arch, create a job alert! Simply create an account and opt in to receive emails when we have job openings that meet your criteria. Join our talent community to share your preferences directly with Arch’s Talent Acquisition team.