The Regional Information Security Officer (RISO) leads and manages the cybersecurity posture of Lockton Companies at one of the three global regions of business operations and reports directly to the Global Chief Information Security Officer.

The RISO defines and cascades the global information security policy in their scope and ensures its application. RISO has an advisory, leadership, delivery, assistance, training, and alerting role with the management of Lockton Companies.

RISO ensures proper alignment with Lockton Companies’ global cybersecurity strategy and act as primary liaison between the global information security office and the regional business and IT leadership, helping the lines of business understand and implement security policies and processes while also helping translate business priorities to the global information security office.

RISO ensures the implementation of operational processes and solutions to guarantee data protection and information systems’ security level. Through relationship management, influence, and negotiation, the RISO supports both the core information security function and helps lines of business improve the global information security program’s maturity by encouraging collaboration, ensuring relevance, and driving results.

Key Accountabilities

• Defining and implementing a Cybersecurity Strategic Plan at Lockton entities in-scope

• Determining methods to implement, enforce and advise the Lockton entities in-scope on cybersecurity related issues.

• Mitigating Lockton’s risk exposure at entities in-scope

• Leading Lockton’s cybersecurity transformation journey to put in place at entities in-scope

• Ensuring well-informed security decisions are taken, escalating risk, when required to the executive management.

• Ensuring the provisioning of adequate resources

• Support information security awareness and training initiatives

• Ensuring effective governance is in place within the local operation and business environments supporting the global CISO directives and policies.

• Leading the design and operation of related compliance monitoring and improvement activities

• Leading or commissioning information security risk assessments and controls selection activities

• Acting as liaison with auditors and regulators

• Liaising with and offering strategic direction to related governance functions

• Provides second, third line information and cybersecurity support, triaging incidents in accordance with the incident response plan.

Qualifications

Extensive information security experience including senior security leader responsible for overall security function

Team Management & Leadership

• Ability to engage with Business Leaders of his/her perimeter as well as with CIO/COO/CISO hierarchy.
• Organized, self-sufficient with ability to work in a matrixed organization regionally and drive change.
• Experience of managing teams and developing staff

 Demonstrated experience understanding security risks, identifying gaps, and creating risk-mitigating and remediation plans, drawing up IT Security roadmap.

Demonstrated experience understanding technical aspects of information and IT technology and core security components

In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.

Good grasp of PCI-DSS, ISO 27001, NIST, UK Cyber Essentials, GDPR, POPIA, and other security norms, regulations, standards & frameworks

One or more of the following or similar certifications is a plus: CISM, CISSP, CCISO, CRISC

Personal Attributes

Executive presence, and the ability to foster relationship management, negotiate and influence.

Practical and risk-based approach for problem solving and the ability to think ‘outside the box’ to find solutions which balance the need to run and grow the business and keep it safe.

Ability to partner with the lines of business, see gaps as opportunities, and enable the business leveraging a risk-based approach compared to an audit-based approach

Effective communications skills, including both written and verbal communication skills, and the ability to translate security principles into business terms.

Foundational technical expertise, including both business acumen and strategic thinking, as well as the ability to identify issues and provide innovative problem solving.

Passionate about driving and sustaining change through committed leadership.

Creative and results-oriented, who is good at balancing multiple priorities and issues.