Cybersecurity Risk & Compliance Lead

Kansas City, Missouri, United States of America

At Lockton, we’re passionate about helping our people achieve their ultimate potential. Our people are curious, action-oriented and always striving to make ourselves and those around us better. We’re active listeners working to ensure understanding and problem solvers developing innovative solutions. If you can see yourself delivering excellent service to clients, giving back to our communities and being a part of our caring culture, you belong here.

Cybersecurity Risk & Compliance management plays a pivotal role in embedding a culture of cyber risk and control management across the Lockton business. Cybersecurity risk management capability is a key component in enabling Lockton to inform and manage its enterprise risk profile. The Cybersecurity Risk & Compliance Lead will enable this by establishing cyber risk management program, processes to assess and manage Lockton’s cyber risk profile. They will build processes to identify, communicate, measure and report the operational effectiveness of Lockton’s cyber controls. They will be responsible for articulating cyber risk to enable decision-making towards finding the optimum balance between security risks and controls while enabling the business. Working closely with cross-functional teams, they will provide expert guidance on security best practices, risk management, and compliance requirements. The scope of this role is global, and they will report directly to the Global Chief Information Security Officer.

You will have overall accountability for:

1. Cybersecurity Risk Management and Controls
2. Maintain and mature Lockton’s cyber risk management program.
3. Maintain and continually improve Lockton’s key cyber control framework, including alignment to global standards.
4. Maintain an accurate view of Lockton’s cybersecurity risk profile across the globe through regular risk assessment and management.
5. Work with product and platform owners to ensure a common understanding of the control requirements for business-critical assets.
6. Adopt a data driven approach to measuring the effectiveness of Lockton’s cyber controls.
7. Maintain Third Party and First Party Risk Management programs.
8. Maintain New System Security Risk Assessment process.
9. Maintain Security Awareness and Training program.
10. Maintain and continually improve Lockton’s processes for measuring and managing risk across our contracted third parties.
11. Maintain an accurate view of our risk profile across third-party suppliers.
12. Cybersecurity Posture Reporting
13. Maintain and continually improve Lockton’s cybersecurity metrics framework to measure the effectiveness of controls.
14. Identify opportunities to introduce automation over control effectiveness measurement.
15. Produce executive and stakeholder reporting on the Cyber posture of the organization.
16. Foster a culture of Cyber risk & compliance management across the organization.
17. Seek solutions to enable the business by leveraging insights.
18. Cybersecurity Policy Development
19. Maintain global security policies and standards.
20. Assist in completion of internal and external audits and regulatory assessments.

What will set you apart from the rest?

1. Strong influencer - Ability to form open, effective, and trusting relationships with business and IT leaders.
2. Strong communicator - Excellent communications skills, both written and verbal, and the ability to translate security principles and risks into business terms.
3. Strong leadership acumen - Passionate about driving and sustaining change and innovation through committed leadership. Servant-leader mindset.
4. Previous experience building and maturing multi-country cyber GRC programs.
5. Creative and results-oriented, who is good at balancing multiple priorities and issues.
6. Strong collaborator - Team player up and down the organizational structure, ability to partner with global IT/ Security/risk departments.
7. Provides a high level of professional service to customers (both internal and external) consistent with Lockton standards and procedures.
8. Self-starter and strong organizational skills in a fast-paced environment.
9. Actively listen to other team members.
10. Finding new ways of solving problems.
11. Able to accept and action feedback.

1. Bachelor’s or master’s degree in computer science, Information Assurance, MIS or related field or equivalent.
2. Minimum 10 years of experience in information security, with a minimum of 5 years in cyber risk management, building and maturing cyber risk management/GRC programs.
3. Preferred relevant certifications such as CISSP, CRISC, CGEIT, CISM and/or SANS certifications.
4. Broad understanding of cybersecurity risks and control domains such as Network Security, Identity Security, Cloud Security, Data Protection.
5. Deep expertise with Security frameworks, including NIST and ISO27001.
6. Expertise with Risk Management frameworks and experience in measuring risk.
7. Expertise in measuring effectiveness of security controls.
8. Data and analytics mindset.
9. Employing authentic storytelling techniques to drive compelling stories and messages.

Lockton Companies is proud to provide everyone an equal opportunity to grow and advance. We are committed to an inclusive culture and environment where our people, clients and communities are treated with respect and dignity.

At Lockton, supporting diversity, equity and inclusion is ingrained in our values, and we believe that we are at our best when we fully embrace everyone. We strive to cultivate a caring culture that learns from, celebrates and thrives because of our breadth of differences. As such, we recognize that recruiting, developing and retaining people with diverse backgrounds and experiences is vital and enabling our people to thrive personally and professionally is critical to our long-term success.

Lockton is the largest privately held independent insurance brokerage in the world. Since 1966, our independence has allowed us to serve our clients, take care of our people and give back to our communities. As such, our 10,000+ Associates doing business in over 100 countries are empowered to do what’s right every day.

At Lockton, we believe in the power of all people. You belong at Lockton.

At Lockton, we empower you to be true to yourself in all that you do. Your success is our success, and we provide opportunities to help you grow and create a rewarding career path, however you envision it.

We are ready to meet you where you are today, and as your needs change over time. In addition to industry-leading health insurance, we offer additional options to support your overall health and wellbeing.