Business Information Security Officer, Anz

About Us:
Welcome to Gallagher - a global leader in insurance, risk management, and consulting services. With a growing team of more than 45,000 professionals worldwide, we empower businesses, communities, and individuals to thrive. At Gallagher, you can build a career whether it’s with our brokerage division, our benefits and HR consulting division, or our corporate team. Experience The Gallagher Way, a culture fueled by shared values and a collective passion for excellence. Join one of our dynamic teams, where you'll play a pivotal role in shaping Gallagher's future and unlocking unparalleled opportunities for both clients and yourself.

Overview:
The Business Information Security Officer (BISO) functions as the cyber and information security leader for all Gallagher divisions in Australian and New Zealand (ANZ) The BISO reports to the Global Chief Information Security Officer (CISO) with dotted lines to all Chief Information Officers in ANZ.

This role will manage the APAC GCIS team in supporting both enterprise-level and divisional information security strategies, objectives, and obligations. This includes providing staff as needed to support the Asia BISO and the Asian businesses during the Australian & New Zealand work day and some global support activities outside the Australian & New Zealand business hours.

The ANZ BISO works in close collaboration with Corporate and divisional leaders across all business, legal, central services and technology teams to identify, assess, prioritize and manage information security risk within the region.

Key areas of responsibility include information security risk management, system security, data protection, compliance, training, audits, managing mergers and acquisition risk, and executive-level reporting and communications.

**Responsibilities**:

- Establish strong working relationships and maintain ongoing communication / transparency with divisional leaders, other divisional BISOs, members of the Global Cyber and Information Security team, and other key stakeholders.
- Provide guidance to the divisional CIOs and the Global CISO on existing divisional security gaps, associated risks, and prioritization of remediation activities.
- Coordinate with the Global Cyber and Information Security team, divisional IT Compliance Leads, and other divisional BISOs to ensure a consistent approach is followed during execution of information security processes and procedures.
- Work with the SOC & Incident Response Team to assist in coordinating the overall response and recovery activities for security incidents that impact the division.
- Verify and distribute divisional cybersecurity metrics to the Global CISO, divisional CIOs, and executive teams around key divisional IT security and performance indicators.
- Ensure alignment with and promote the Global IT & Security Policy Manual (GITSPM), and corporate and regional standards, liaising between the divisions, enterprise cyber security team, and technology leads.
- Ensure all applicable regulatory, legal, compliance and contractual obligations are properly interpreted and continuously met by the security program. Stay abreast of external requirements, trends, and best practices.
- Support the divisions and global CISO in seeking budget optimization by ensuring program costs and value are properly balanced.
- Increase security maturity and reduce risk across ANZ divisions by driving implementation of leading cyber security standards, practices and controls (e.g. ISO27K, APRA, PCI-DSS, NZISM),
- Drive divisional participation in global training and awareness campaigns for information security and data governance requirements.
- Work with the core business platform teams to help develop secure business requirements and security architecture that will integrate into the enterprise-level and divisional information security strategies and objectives.
- Provide divisional guidance through the identification, tracking, and remediation of divisional information security risks or other audit / regulatory findings.
- Maintain an effective IT due diligence vendor risk management assessment program.
- Acting as the CISO in region for satisfying Federal and State Government security requirements, ensuring updates to the ISM are implemented in a timely fashion.
- Take responsibility for Compliance Operations, including audit preparation and liaison with internal and external auditors, including internal FAIR assessments and external government IRAP assessments as needed.
- Support the Head of Global ISMS in the adoption of ISO27001 best practices across all ANZ divisions, contributing to the running of Division Cyber Committee meetings in region.

Qualifications:
**Required**:

- Minimum of 8 years or more year of experience in information security leadership role.
- Bachelor’s Degree in Business, Information Technology, Computer Science, Engineering, related technical degree, or equivalent experience.
- Experience with international