
Lead Information Security

Job in Hamilton, South Lanarkshire, ML3, Scotland, UK
Listing for: Hamilton Insurance Group, Ltd.
Full Time position
Listed on 2026-02-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Job Description & How to Apply Below

We’re looking for a Lead Information Security

A U.S. based role within the Eastern Standard Time Zone. This role reports to Hamilton’s global Chief Information Security Officer.

The Lead Information Security professional provides leadership and subject-matter expertise across the organization’s information and cyber security function.

This role has a strong regulatory, governance, and operational resilience focus, ensuring the organization meets its obligations under ISO/IEC 27001, ISO 22301, DORA, FCA/PRA, and NYDFS, alongside other applicable global regulatory and supervisory requirements.

The role holder plays a critical role in shaping security strategy, influencing risk decisions, and ensuring security and resilience are embedded across technology, business, and third-party operations.

What you will do
Information Security Governance & Regulatory Compliance
  • Lead and maintain the organization’s information security governance framework, aligned to ISO/IEC 27001, including policies, standards, and control frameworks.
  • Provide alignment between cyber security program and ISO 22301.
  • Drive compliance with DORA (Digital Operational Resilience Act), including ICT risk management, incident reporting, resilience testing, and third-party oversight.
  • Ensure ongoing alignment with Lloyd’s of London, FCA and PRA regulatory expectations, including operational resilience, outsourcing, and technology risk management.
  • Oversee compliance with NYDFS Cybersecurity Regulation (23 NYCRR 500) where applicable.
  • Monitor emerging regulatory requirements and translate them into actionable security and resilience initiatives.
  • Act as a senior point of contact for regulators, auditors, and external assessors, supporting regulatory reviews, audits, and formal submissions.
Risk Management & Assurance
  • Provide leadership for enterprise information and cyber security risk management.
  • Support the definition and maintenance of security risk appetite, tolerances, and risk acceptance processes.
  • Review and challenge security risk assessments for critical systems, cloud platforms, major change programs, and third-party arrangements.
  • Oversee security control assurance, testing, and remediation tracking.
  • Produce clear, risk-focused reporting for executive management, risk committees, and the Board.
Operational Resilience & Cyber Incident Management
  • Provide oversight of cyber incident management, ensuring compliance with regulatory notification and reporting requirements (e.g. DORA, FCA, NYDFS).
  • Act as a decision-maker during major incidents, crisis situations, and cyber events.
  • Ensure regular testing of incident response, crisis management, and business continuity plans, with lessons learned embedded into practice.
Third-Party & Supply Chain Security
  • Oversee third-party and supply-chain security risk management, including due diligence, contractual controls, and ongoing monitoring.
  • Ensure compliance with regulatory expectations for outsourcing, material third parties, and ICT service providers, particularly under DORA and FCA/PRA rules.
  • Work closely with Legal, Vendor Management/Procurement, and Risk functions to embed security and resilience requirements into contracts and operating models.
Leadership & Stakeholder Engagement
  • Provide leadership across the information security function.
  • Build strong relationships within Information Technology, Risk, Compliance, Legal, Internal Audit, and Business leadership.
  • Promote a strong security, resilience, and risk-aware culture across the organization.
What you require for the role
Essential
  • Extensive senior experience as an information security leader or senior information security professional in complex, regulated environments.
  • Deep practical experience with ISO/IEC 27001 (ISMS design, implementation, and assurance).
  • Strong experience with ISO 22301 and operational resilience frameworks.
  • Demonstrable experience delivering or governing compliance with DORA.
  • Strong understanding of FCA and PRA supervisory expectations related to cyber security, technology risk, and operational resilience.
  • Experience with NYDFS Cybersecurity Regulation (23 NYCRR 500) or equivalent international frameworks.
  • Proven ability to engage confidently with regulators and…