Direct Line Group has been having a sweeping strategic shakeup over the past 24 months, migrating major workloads to AWS and poaching Ash Jokhoo from Virgin Atlantic in November 2021 as its new Group CIO. Now the insurance group, which owns Direct Line, Churchill, Privilege, Green Flag and NIG, is looking for a CISO too.
We're making the Direct Line Group CISO vacancy The Stack's Job of the Week -- the role is at a company relishing an ongoing transformation, with fresh digital leadership and showing largely positive feedback from employees on Glassdoor. The CISO will report to the Group CIO with the option of some flexible work.
(Outgoing CISO Robert Duncan has been headhunted elsewhere and is moving on after six years at the company, but speaks highly of it and the vision of CEO Penny James for Direct Line Group).
Follow The Stack on LinkedIn
The incoming Direct Line Group CISO will need to be a "strategic thinker who brings strong, confident thought leadership coupled with commercial pragmatism and a healthy sprinkling of evangelism" a posting for the job noted this week, adding that the successful applicant will create "healthy tension across the group - challenging and pushing for speed to market, but ensuring ALL initiatives can flourish, safely and securely."
The company did not publish a salary band and we have requested one.
Job of the Week: Direct Line Group CISO
The Direct Line Group CISO will be a group-wide role covering all of its brands and have responsibility "for specific first-line of defence responsibility in terms of thought leadership, policy, strategy, and framework for IT Security & Operational Resilience to support a secure and resilient operation" the company said.
The role spans ownership of Cyber Security & Resilience, Data Privacy, Technology Risk & Operational Resilience "while balancing the growth and development of the business with the priority of ensuring this is done safely and securely for customers and colleagues at all times. We want to create a narrative that takes everyone in Direct Line Group through the purpose and reason to believe in Information and Security as a force for good!
See also: 7 free cybersecurity tools your team should know
Direct Line Group wants someone who:
- Can build a team and community, and be someone who inspires others.
- Has deep understanding of customers and interest in the insurance business
- Experience of NIST Security framework
- Understanding and management of third-party risk in the supply chain
- Understanding of best SAFE Agile enterprise delivery frameworks
- Experience of best practice in other delivery frameworks (APM, PRINCE 2)
- Experience with developing an enterprise-wide security architecture strategy, blueprints, and processes which ensure that the strategic application of security is embedded in the management of the technology environment. "Gravitas to lead through ambiguity", whilst clearly communicating current, future, and linked strategies for CISO organisation
- Strong views in how security engineering can create options and deliver though outcomes supporting growth safely for customers and colleagues
- Being comfortable and approachable at all levels – from junior engineers to Board
- Understanding how to build long term relationships with partners to deliver multi-year strategic plan(s) and the need to move to emerging new technologies as security tooling changes over the next few years
The company is increasing embracing an Agile operating model: "We need to be secure while working agile!" the advert notes, adding that there will be "complex planned technology change in the next 5 years. Supporting this whilst also dealing with unplanned Response and Recovery from crisis events (such as Covid-19, large scale technology failures, and Cyber Security Incidents) requires this role to lead through challenging times if and when they happen. Leading and managing the Operational Resilience practice will require a clear view on how the organisation can prevent, respond to, recover and learn from operational disruptions in order to maintain provision of products and services and remain compliant. People leadership is an essential a part of the role, both direct people management as well as influencing and inspiring others across DLG and wider in the industry."
The successful applicant will regularly report to the Board Risk Committee and Risk Management Committee.