Business Information Security Officer (BISO)

Role: Business Information Security Officer

London - Hybrid

Full time, permanent

The Business Information Security Officer (BISO) plays a pivotal role in bridging the gap between business objectives, cybersecurity, and data protection strategy. The focus is on protecting, detecting, resolving, mitigating, recovering, and learning from potential security exposures. This role will provide execution management to ensure MS Amlin maintains an appropriate cybersecurity and data protection posture. The BISO acts as a liaison between business leaders, cybersecurity teams, third parties, partners, market, and regulatory stakeholders, promoting a strong security culture and enhancing cyber security protection, resilience, and response capabilities.

1. Embed Information Security and Data Protection Strategy across the organization.
2. Collaborate with security teams to implement policies on security operations, incident response, application security, and infrastructure.
3. Assess and contribute to strategies for information security, controls, resilience, and risk management.
4. Advise on and embed relevant security frameworks and certifications (e.g., NIST, ISO27001, CIS).
5. Work with stakeholders to assess impacts of new projects, solutions, and regulations on security and data protection.
6. Monitor security threats, vulnerabilities, and mitigation strategies.
7. Ensure compliance with cybersecurity regulations and standards.
8. Report on cybersecurity and data protection capabilities, recovery plans, and continual improvement initiatives.
9. Develop standards for third-party risk assessment and oversee related mitigations.
10. Promote security awareness and training initiatives.
11. Represent MS Amlin in external and internal cybersecurity matters with professionalism.
12. Prepare regulatory reports and high-quality MI packs for senior management.

• Knowledge of cybersecurity policies, regulations, and frameworks.
• Experience with cybersecurity solutions, incident response, and recovery.
• Understanding of data protection laws and practices.
• Excellent communication skills to engage stakeholders at all levels.
• Experience in financial services, preferably insurance or Lloyd’s market.
• Background in cybersecurity, IT, and project management.
• Knowledge of operational resilience and third-party risk management.
• Certifications such as CISSP, CISM, CRISC, or CISA are preferred but not essential.

• Performance-related discretionary bonus
• 28 days annual leave plus options to buy more
• Competitive pension scheme
• Private medical insurance
• Flexible benefits fund
• Life assurance
• Enhanced parental leave
• Support for continuous learning and professional development
• Annual health screening
• Additional benefits such as cycle to work and season ticket loans

MS Amlin is part of MS&AD, a top-10 global insurance group, comprising reinsurance, Lloyd’s franchise, specialty insurance, and business services divisions.