Lead Information Security
Listed on 2026-02-07
-
IT/Tech
Cybersecurity, Information Security
We’re looking for a Lead Information Security
A U.S.-based role within the Eastern Time Zone. This role reports to Hamilton’s global Chief Information Security Officer.
The Lead Information Security professional provides leadership and subject-matter expertise across the organization’s information and cyber security function.
This role has a strong regulatory, governance, and operational resilience focus, ensuring the organization meets its obligations under ISO/IEC 27001, ISO 22301, DORA, FCA/PRA, and NYDFS, alongside other applicable global regulatory and supervisory requirements.
The role holder plays a critical role in shaping security strategy, influencing risk decisions, and ensuring security and resilience are embedded across technology, business, and third-party operations.
What you will do
Information Security Governance & Regulatory Compliance
- Lead and maintain the organization’s information security governance framework, aligned to ISO/IEC 27001, including policies, standards, and control frameworks.
- Provide alignment between the cyber security program and ISO 22301.
- Drive compliance with DORA (Digital Operational Resilience Act), including ICT risk management, incident reporting, resilience testing, and third-party oversight.
- Ensure ongoing alignment with Lloyd’s of London, FCA and PRA regulatory expectations, including operational resilience, outsourcing, and technology risk management.
- Oversee compliance with the NYDFS Cybersecurity Regulation (23 NYCRR 500) where applicable.
- Monitor emerging regulatory requirements and translate them into actionable security and resilience initiatives.
- Act as a senior point of contact for regulators, auditors, and external assessors, supporting regulatory reviews, audits, and formal submissions.
- Provide leadership for enterprise information and cyber security risk management.
- Support the definition and maintenance of security risk appetite, tolerances, and risk acceptance processes.
- Review and challenge security risk assessments for critical systems, cloud platforms, major change programs, and third-party arrangements.
- Oversee security control assurance, testing, and remediation tracking.
- Produce clear, risk-focused reporting for executive management, risk committees, and the Board.
- Provide oversight of cyber incident management, ensuring compliance with regulatory notification and reporting requirements (e.g. DORA, FCA, NYDFS).
- Act as a decision-maker during major incidents, crisis situations, and cyber events.
- Ensure regular testing of incident response, crisis management, and business continuity plans, with lessons learned embedded into practice.
Third-Party & Supply Chain Security
- Oversee third-party and supply-chain security risk management, including due diligence, contractual controls, and ongoing monitoring.
- Ensure compliance with regulatory expectations for outsourcing, material third parties, and ICT service providers, particularly under DORA and FCA/PRA rules.
- Work closely with Legal, Vendor Management/Procurement, and Risk functions to embed security and resilience requirements into contracts and operating models.
- Provide leadership across the information security function.
- Build strong relationships within Information Technology, Risk, Compliance, Legal, Internal Audit, and Business leadership.
- Promote a strong security, resilience, and risk-aware culture across the organization.
- Extensive senior experience as an information security leader or senior information security professional in complex, regulated environments.
- Deep practical experience with ISO/IEC 27001 (ISMS design, implementation, and assurance).
- Strong experience with ISO 22301 and operational resilience frameworks.
- Demonstrable experience delivering or governing compliance with DORA.
- Strong understanding of FCA and PRA supervisory expectations related to cyber security, technology risk, and operational resilience.
- Experience with the NYDFS Cybersecurity Regulation (23 NYCRR 500) or equivalent international frameworks.
- Proven ability to engage confidently with regulators and…