
Lead Information Security
Hamilton Company
full-time
Location Type: Remote
Location: United States
About the role
- Lead and maintain the organization’s information security governance framework, aligned to ISO/IEC 27001, including policies, standards, and control frameworks.
- Align the cyber security program with ISO 22301 (business continuity management).
- Drive compliance with DORA, including ICT risk management, incident reporting, resilience testing, and third-party oversight.
- Ensure ongoing alignment with Lloyd's of London, FCA and PRA regulatory expectations.
- Oversee compliance with NYDFS Cybersecurity Regulation (23 NYCRR 500) where applicable.
- Monitor emerging regulatory requirements and translate them into actionable security and resilience initiatives.
- Act as a senior point of contact for regulators, auditors, and external assessors.
- Provide leadership for enterprise information and cyber security risk management.
- Support the definition and maintenance of security risk appetite, tolerances, and risk acceptance processes.
- Review and challenge security risk assessments for critical systems, cloud platforms, major change programs, and third-party arrangements.
- Oversee security control assurance, testing, and remediation tracking.
- Produce clear, risk-focused reporting for executive management, risk committees, and the Board.
- Provide oversight of cyber incident management, ensuring compliance with regulatory notification and reporting requirements.
- Act as a decision-maker during major incidents, crisis situations, and cyber events.
- Ensure regular testing of incident response, crisis management, and business continuity plans.
- Oversee third-party and supply-chain security risk management, including due diligence, contractual controls, and ongoing monitoring.
Requirements
- Extensive senior experience as an information security leader or senior information security professional in complex, regulated environments.
- Deep practical experience with ISO/IEC 27001 (ISMS design, implementation, and assurance).
- Strong experience with ISO 22301 and operational resilience frameworks.
- Demonstrable experience delivering or governing compliance with DORA.
- Strong understanding of FCA and PRA supervisory expectations related to cyber security, technology risk, and operational resilience.
- Experience with NYDFS Cybersecurity Regulation (23 NYCRR 500) or equivalent international frameworks.
- Proven ability to engage confidently with regulators and auditors.
- Strong ability to translate complex technical and regulatory issues into clear business risk decisions.
Benefits
- Hybrid working
- Matching 401K plan
- Medical, dental, vision, life, disability
- Generous time off (including parental leave)
- Continued support for professional development
- Gym subsidy
- My day (additional days leave for personal interests/wellness/charity work)
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
ISO/IEC 27001, ISO 22301, DORA compliance, NYDFS Cybersecurity Regulation, ICT risk management, incident reporting, resilience testing, security risk assessments, security control assurance, business continuity planning
Soft Skills
leadership, communication, decision-making, risk management, stakeholder engagement, problem-solving, reporting, strategic thinking, crisis management, translating technical issues