Business Information Security Officer, Anz

Welcome to Gallagher – a global leader in insurance, risk management, and consulting services. With a growing team of more than 45,000 professionals worldwide, we empower businesses, communities, and individuals to thrive. At Gallagher, you can build a career whether it’s with our brokerage division, our benefits and HR consulting division, or our corporate team. Experience The Gallagher Way, a culture fueled by shared values and a collective passion for excellence. Join one of our dynamic teams, where you'll play a pivotal role in shaping Gallagher's future and unlocking unparalleled opportunities for both clients and yourself.

We believe that every candidate brings something special to the table, including you! So, even if you feel that you’re close but not an exact match, we encourage you to apply.

The Business Information Security Officer (BISO) functions as the cyber and Information Security leader for all Gallagher divisions in Australian and New Zealand (ANZ) The BISO reports to the Global Chief Information Security Officer (CISO) with dotted lines to all Chief Information Officers in ANZ.

This role will manage the APAC GCIS team in supporting both enterprise-level and divisional Information Security strategies, objectives, and obligations. This includes providing staff as needed to support the Asia BISO and the Asian businesses during the Australian & New Zealand work day and some global support activities outside the Australian & New Zealand business hours.

The ANZ BISO works in close collaboration with Corporate and divisional leaders across all business, legal, central services and technology teams to identify, assess, prioritize and manage Information Security risk within the region.

Key areas of responsibility include Information Security risk management, system security, data protection, compliance, training, audits, managing mergers and acquisition risk, and executive-level reporting and communications.

• Establish strong working relationships and maintain ongoing communication / transparency with divisional leaders, other divisional BISOs, members of the Global Cyber and Information Security team, and other key stakeholders. 
• Provide guidance to the divisional CIOs and the Global CISO on existing divisional security gaps, associated risks, and prioritization of remediation activities.
• Coordinate with the Global Cyber and Information Security team, divisional IT Compliance Leads, and other divisional BISOs to ensure a consistent approach is followed during execution of Information Security processes and procedures. 
• Raise awareness to technology and business application owners about relevant application security processes and provide oversight and assurance the division’s application inventory is accurately captured and inventoried.
• Work with the SOC & Incident Response Team to assist in coordinating the overall response and recovery activities for security incidents that impact the division.
• Verify and distribute divisional cybersecurity metrics to the Global CISO, divisional CIOs, and executive teams around key divisional IT security and performance indicators. 
• Ensure alignment with and promote the Global IT & Security Policy Manual (GITSPM), and corporate and regional standards, liaising between the divisions, enterprise cyber security team, and technology leads. 
• Ensure all applicable regulatory, legal, compliance and contractual obligations are properly interpreted and continuously met by the security program.  Stay abreast of external requirements, trends, and best practices. 
• Support the divisions and global CISO in seeking budget optimization by ensuring program costs and value are properly balanced.
• Increase security maturity and reduce risk across ANZ divisions by driving implementation of leading cyber security standards, practices and controls (e.g. ISO27K, APRA, PCI-DSS, NZISM),
• Drive divisional participation in global training and awareness campaigns for Information Security and data governance requirements.
• Work with the core business platform teams to help develop secure business requirements and security architecture that will integrate into the enterprise-level and divisional Information Security strategies and objectives.
• Provide divisional guidance through the identification, tracking, and remediation of divisional Information Security risks or other audit / regulatory findings.
• Counsel divisional IT management on security requirements for acquisitions and mergers and the vetting and procurements of new applications and technology platforms.
• Maintain an effective IT due diligence vendor risk management assessment program. 
• Guide divisional IT software development and application teams in the use of GCIS application security tools for tracking and correcting vulnerabilities and code weaknesses.
• Acting as the CISO in region for satisfying Federal and State Government security requirements, ensuring updates to the ISM are implemented in a timely fashion.
• Take responsibility for Compliance Operations, including audit preparation and liaison with internal and external auditors, including internal FAIR assessments and external government IRAP assessments as needed.
• Support the Head of Global ISMS in the adoption of ISO27001 best practices across all ANZ divisions, contributing to the running of Division Cyber Committee meetings in region.

Required:

• Minimum of 8 years or more year of experience in Information Security leadership role.
• Bachelor’s Degree in Business, Information Technology, Computer Science, Engineering, related technical degree, or equivalent experience.
• Experience with international security and IT control standards and frameworks (e.g. ISO27001, GDPR, PCI-DSS, NIST, COBIT, COSO) and national security standards (APRA, ISM, NZISM etc)
• CISA, CISM, CISSP or equivalent IT security related certification (or willingness to pursue).
• Strong understanding of Information Security risk management methodologies and regulatory requirements pertaining to Information Security, and/or data security.
• Ability to manage multiple complex priorities and competing agendas.
• Ability to interpret and apply policies and regulations across a large, complex business
• Knowledge in cloud computing platforms and capabilities.
• Demonstrated leadership of multiple projects or a portfolio of projects with cross-functional stakeholder groups.

Desired:

• Analytical aptitude with an emphasis on investigative, methodical critical questioning and logical thinking; a data-driven decision maker
• Minimum bachelor's degree or commensurate experience required with emphasis in Computer Science, Engineering, Information Systems Management or Information Security.
• Australian citizen either holding a AGSVA baseline clearance or the ability to gain this mandatory security clearance.

#LI-TG2

We value inclusion and diversity

Inclusion and diversity (I&D) is a core part of our business, and it’s embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work.

Gallagher embraces our employees’ diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest.

Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as “protected characteristics”) by applicable federal, state, or local laws.

Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business.