Head of Information Security - GRC at Allianz UK

Role Description

Reporting to the Chief Information Security Officer (CISO), you will lead the governance, risk, and compliance (GRC) function for Information Security across Allianz UK, including the supplier assurance team. This role ensures alignment with internal frameworks, regulatory requirements, and industry standards..

Further you will be pivotal in driving the security culture of Allianz and leading our outreach and Information Security risk agenda across our supplier ecosystem

Key Accountabilities

Governance & Strategy

• Define and execute the InfoSec governance strategy aligned to business objectives and corporate risk appetite.
• Lead the Governance I annual self-assessment, ensuring alignment with Allianz Group expectations.
• Oversee the annual NIST, Cyber Essentials certification and PCI-DSS attestation processes.
• Ensure compliance with Allianz frameworks (AFRIT, AFRIS, AFIRM) and UK regulatory standards.
• Develop and maintain the InfoSec control framework, integrating with AZC and AZP change governance.

Risk Management

• Own and manage Archer GRC platform activities, including risk identification, assessment, mitigation, and reporting.
• Maintain the InfoSec risk register and ensure timely resolution of actions by risk owners.
• Provide assurance that InfoSec risks are monitored and managed across operational and change environments.
• Engage with Board Risk Committee, Compliance, and Audit to ensure InfoSec risk management is aligned with enterprise governance

Supplier Assurance

• Oversee the information security assurance of third-party suppliers, ensuring alignment with internal policies and regulatory requirements.
• Maintain a supplier risk assessment framework, including onboarding, periodic reviews, and exit processes in line with Group requirements.
• Ensure suppliers meet contractual InfoSec obligations and provide evidence of compliance (e.g. certifications, assessments).
• Collaborate with Procurement, Legal, and Risk teams to manage supplier-related risks and remediation activities.
• Escalate key risks and issues to information security and OPSIT leadership as necessary

Reporting & Assurance

• Lead the production of Executive governance reporting and submissions to Allianz Group and local Stakeholders. 
• Deliver regular Board-level reporting on information security posture, risk trends, and compliance status.
• Act as IRCS Risk Officer for InfoSec, supporting AZC and AZP risk committees with governance MI.
• Evaluate risk mitigation and audit response plans, escalating risks beyond appetite to senior leadership.

Collaboration & Oversight

• Partner with the wider OpsIT function and the business to embed InfoSec controls across BAU and project activities.
• Ensure delivery of InfoSec quality, standards, and assurance functions with effective performance tracking.
• Monitor the effectiveness of InfoSec controls and escalate deficiencies to the CIO and senior leadership.

Technical Skills

• Lead and oversee robust IS Governance & Risk frameworks based on industry standards within delivery methods and processes
• Ability to produce reports, presentations and formal papers for senior stakeholders
• Manage comprehensive security risk catalogue with clear ownership and tracking mechanisms
• Enhance security controls within IT delivery methods and associated processes
• Ensure quality assurance of security elements in change projects, collaborating with Change Directors
• Partner with CIO to maintain comprehensive security control oversight across operational environments
• Document, test, and remediate key security controls to maintain a secure technology environment
• Track and escalate audit findings, ensuring timely remediation of security issues
• Business-focused security mindset with strong customer orientation
• Adaptability to evolving threat landscape
• Strategic relationship management across technical and business stakeholders

Experience

• Extensive relevant experience in Information Security and risk management
• Strong track record of Group alignment and CXO committee exposure preferred.
• Business knowledge of the insurance sector preferred.
• Consulting experience or Customer facing sales experience preferred.
• Experience in using presentation tools to a high standard