Head of Information Security - GRC

Role Description

Reporting to the Chief Information Security Officer (CISO), you will lead the governance, risk, and compliance (GRC) function for Information Security across Allianz UK, including the supplier assurance team. This role ensures alignment with internal frameworks, regulatory requirements, and industry standards. Further you will be pivotal in driving the security culture of Allianz and leading our outreach and Information Security risk agenda across our supplier ecosystem.

• Define and execute the Info Sec governance strategy aligned to business objectives and corporate risk appetite.
• Lead the Governance I annual self-assessment, ensuring alignment with Allianz Group expectations.
• Oversee the annual NIST, Cyber Essentials certification and PCI-DSS attestation processes.
• Ensure compliance with Allianz frameworks (AFRIT, AFRIS, AFIRM) and UK regulatory standards.
• Develop and maintain the Info Sec control framework, integrating with AZC and AZP change governance.

• Own and manage Archer GRC platform activities, including risk identification, assessment, mitigation, and reporting.
• Maintain the Info Sec risk register and ensure timely resolution of actions by risk owners.
• Provide assurance that Info Sec risks are monitored and managed across operational and change environments.
• Engage with Board Risk Committee, Compliance, and Audit to ensure Info Sec risk management is aligned with enterprise governance.

• Oversee the information security assurance of third-party suppliers, ensuring alignment with internal policies and regulatory requirements.
• Maintain a supplier risk assessment framework, including onboarding, periodic reviews, and exit processes in line with Group requirements.
• Ensure suppliers meet contractual Info Sec obligations and provide evidence of compliance (e.g. certifications, assessments).
• Collaborate with Procurement, Legal, and Risk teams to manage supplier-related risks and remediation activities.
• Escalate key risks and issues to information security and OPSIT leadership as necessary.

• Lead the production of Executive governance reporting and submissions to Allianz Group and local Stakeholders.
• Deliver regular Board-level reporting on information security posture, risk trends, and compliance status.
• Act as IRCS Risk Officer for Info Sec, supporting AZC and AZP risk committees with governance MI.
• Evaluate risk mitigation and audit response plans, escalating risks beyond appetite to senior leadership.

• Partner with the wider OpsIT function and the business to embed Info Sec controls across BAU and project activities.
• Ensure delivery of Info Sec quality, standards, and assurance functions with effective performance tracking.
• Monitor the effectiveness of Info Sec controls and elevate deficiencies to the CIO and senior leadership.

• Lead and oversee robust IS Governance & Risk frameworks based on industry standards within delivery methods and processes.
• Ability to produce reports, presentations and formal papers for senior stakeholders.
• Manage comprehensive security risk catalogue with clear ownership and tracking mechanisms.
• Enhance security controls within IT delivery methods and associated processes.
• Ensure quality assurance of security elements in change projects, collaborating with Change Directors.
• Partner with CIO to maintain comprehensive security control oversight across operational environments.
• Document, test, and remediate key security controls to maintain a secure technology environment.
• Track and elevate audit findings, ensuring timely remediation of security issues.
• Business-focused security mindset with strong customer orientation.
• Adaptability to evolving threat landscape.
• Strategic relationship management across technical and business stakeholders.

• Extensive relevant experience in Information Security and risk management.
• Strong track record of Group alignment and CXO committee exposure preferred.
• Business knowledge of the insurance sector preferred.
• Consulting experience or Customer facing sales experience preferred.
• Experience in using presentation…