Information Security Governance, Risk and Compliance Lead

Gallagher Group

IT, Legal
Posted on Tuesday, August 29, 2023

About Gallagher

Our purpose at Gallagher is ‘Protect what matters most’ and we live it every day. Not only does our technology protect some of the world’s highest security environments and agriculture businesses but our purpose also means we care deeply about our people and their families. With operations in New Zealand, Australia, Asia, Africa, USA, Canada, the UK and Europe and exports across the globe, we provide our #TeamGallagher members unrivalled globally focused career pathways.

About The Role

We are in the early stages of transforming our global information security posture; you will be an integral part of shaping the future of information security within our organisation. With the support and buy-in of the entire board and executive, you will first need to recruit and form your global InfoSec GRC team.

You will be integral to our global security, providing subject matter experience and insight into developing our five-year information security uplift programme and helping us achieve our mission of protecting what matters most.  

We have multiple current and emerging information security compliance requirements, including but not limited to ISO27001, PCI-DSS, SOC2, CAPS, NIST, FIPS140, ASD E8 and Cyber Essentials, and you will need to ensure we attain and maintain compliance with them. You and your team will create and manage our global InfoSec policies, risk management, and compliance, maturing our InfoSec position. Your team must be digital natives, automating compliance using our Microsoft security tooling capabilities and embracing generative artificial intelligence to support our business with InfoSec GRC. You will work closely with the Information Security team and business units, so good communication skills are essential.

You will work with world-leading experts and industry partners to realise our mission and be part of an inclusive organisation that values diversity in thought and creativity of mind to innovate.  

A Typical Day…   

  • Collaborate across the business and our stakeholders to understand their risk appetite and tolerances; identify, develop and collaboratively implement policies, standards, and guidelines
  • Oversee the delivery of multiple projects to agreed budgets and timelines 
  • Management and leadership of your team of security professionals 
  • Assisting with tenders and shaping how we leverage and embed InfoSec GRC to enable our sales teams to win 
  • Enhancing business processes to improve operations and realise efficiencies 
  • Develop business cases and define the delivery programme and projects 
  • You will be encouraged to innovate, test, and learn from new ways of working, develop new frameworks, and adapt to a changing landscape 
  • Influencing vital global stakeholders, gaining buy-in to the value information security provides to them and their teams and shaping their products and services so security is integrated into their offerings 
  • Leading your team in the comprehensive utilisation of our Microsoft Compliance, Purview, and Security toolset 

Key Experience & Attributes for Success

  • SFIA skills: Autonomy-6+Influence-6+Complexity-6+Business Skills-5+Knowledge-6 
  • IRMG-6+SCTY-6+INAS-7+TECH-6+SCAD-6 (essential)
  • METL-5+PRMG-5+PEMT-5 (desirable)
  • Certification bodies - ISACA, ISC2, Microsoft, IAAP, Axelos, ISO/IEC, PCI-DSS (desirable)
  • Demonstrated analysis and interpretation skills and the ability to handle a range of complex and conflicting data, for example, working with technical problems and translating outcomes to senior leadership
  • Influence and engage with senior managers and stakeholders on a range of risks and information security topics  
  • Fluently and professionally utilise M365 tooling, including Teams, SharePoint, PowerPoint, Sway, Planner, Power Platform  
  • Proven global InfoSec GRC leadership with team setup and automation
  • Effective team player, adaptable communicator for diverse stakeholders
  • Expert in elegant solutions for complex problems, fostering security culture
  • Initiative-driven, stakeholder engagement, ethical decision-maker

Benefits & Perks

Providing an inclusive and diverse work environment is close to our hearts. We pride ourselves on supporting all our staff and building an inclusive place for everyone to succeed. 

Did you know that our current CEO started here as a Software Engineer? We offer a range of opportunities for growth and development, both internally and with external training partners, to develop and build upon human, technical, leadership, and communication skills. 

  • Competitive salary and annual bonus
  • Access to Virgin Pulse, the world's #1 digital health and wellbeing solution platform
  • Fully embrace flexible work arrangements: hybrid, part-time (minimum 3+ days), compressed hours, and secure remote options will be considered
  • Work from any of our global offices: onsite preference of twice a week to engage in valuable informal discussions that enhance our ongoing InfoSec cultural journey.
  • Plenty of fun along the way: team-building events, inspiring guest speakers, and team lunches

Whilst we want to fill this role, we know we must find the right fit for #TeamGallagher, so this advert will remain open until we've nailed that brief. We'd love to hear from you if this sounds like a bit of you. 

We know you are busy (as you will be in this role), and the ability to communicate clearly with brevity is essential.  Please provide us with a Cover Letter in the style of a tweet or elevator pitch (280 characters maximum), LinkedIn Profile or CV and start your journey to your new job today.