Information Security Manager
Appcast Enterprise
1 March by Appcast Enterprise
Introduction

Join our growing team of dedicated professionals at Gallagher Bassett, who guide those in need to the best possible outcomes for their health and wellbeing. You'll be part of a resilient team that works together to redefine the boundaries of excellence. At our organization, we value collaboration and making a positive impact in the lives of our clients and claimants, offering you the opportunity to join a team where your skills and dedication can truly make a difference. GUIDE. GUARD. GO BEYOND.

We believe that every candidate brings something special to the table, including you! So, even if you feel that you’re close but not an exact match, we encourage you to apply.


Overview

We are currently seeking an Information Security Manager who will report to our Chief Information Officer in the UK and work closely with both Gallagher Bassett Information Technology (GBIT) and Global Cyber Information Security (GCIS) Divisions. 

This role will join our UK IT Services Team and will be based in Ipswich with consideration around flexibility to work from home for the right candidate. This role will also work from other locations as required.

This is a fantastic opportunity to join a growing business and be the main point of contact for Information Security.


How you'll make an impact

  • Client Facing:
    • Manage client IT and Information security questionnaires and due diligence processes, utilizing evidence libraries and liaising with business operations, GBIT and GCIS as required
    • Reference and verify information against the Global IT Security Policy Manual, Gallagher Bassett policies and those specific to EMEA and/or UK
    • Facilitate secure, accurate and professional information sharing and collaboration with clients
  • Contract Review:
    • Review contracts to ensure compliance with current operational process and procedure
    • Advocate for questionnaire-based audits over in-person audits where possible
  • Third-Party Due Diligence:
    • Oversee third-party assessments using Gallagher tools i.e. Process Unity in collaboration with GBIT and GCIS
    • Utilize Gallagher tooling i.e. Security Scorecard for continuous monitoring of third-party security posture
  • Risk Management:
    • Capture and manage risks utilising Gallagher tooling such as Cross-Comply/Audit Board, developing mitigation plans, as necessary.
  • Meetings and Forums:
    • Chair and minute the Change Advisory Board
    • Minute and be Co-Chair with GB BISO, participating in Division Cyber Committee meetings
    • Participate in Application Security, user onboarding/offboarding governance, user segregation of duties, IT Services Forum, and EMEA Security meetings as required
  • Mergers & Acquisitions (M&A):
    • Review information through the DD process and participate in integration activities owning tasks such as application inventory and vendor assessment
  • Policy Management:
    • Maintain and review local and global information security policies, ensuring alignment with organizational standards.
  • Industry Accreditations:
    • Ensure ongoing compliance with ISO 27001 standards, engaging stakeholders and managing audit processes
    • Monitor and maintain policy compliance and standards to ensure adherence to Cyber Essentials PLUS
  • Miscellaneous:
    • Manage and contribute to continuous hardening of company security posture in areas such as vulnerability management, AV protection, DLP, patch management, DR and data sovereignty and retention projects.

About You

  • Flexibility to work out of core hours to collaborate with the Global Gallagher Team
  • Good attention to detail; ability to maintain a high level of accuracy in all outputs
  • Awareness of current technologies and security challenges and risks
  • Ability to quickly change context and handle multiple issues or projects simultaneously
  • Ability to prioritise and organise own workload to ensure that deadlines are adhered to
  • Ability to liaise with colleagues and stakeholders, both domestic and global
  • Ability to work under pressure and without supervision
  • Able to collaborate and have fantastic communication skills
  • Engage and negotiate with people, and develop and maintain effective relationships
  • Proven experience in information security management, preferably within a large organization
  • An excellent understanding of information security policies, risk management, and compliance standards
  • Experience with ISO 27001 certification and maintenance
  • Experience with Cyber Essentials PLUS certification and maintenance
  • Studying or qualified in the Information Security field i.e. CISM by ISACA
  • Insurance/Claims Management experience
  • Experience of process documentation (product skills i.e. ProMapp)

Compensation and benefits

On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits.

Below are the minimum core benefits you’ll get; depending on your job level, these benefits may improve:

  • Minimum of 25 days holiday, plus bank holidays, and the option to ‘buy’ extra days
  • Defined contribution pension scheme, which Gallagher will also contribute to
  • Life insurance, which will pay 4x your basic annual salary, which you can top-up to 10x
  • Income protection, we’ll cover up to 50% of your annual income, with options to top upHea
  • Reference: 54561463