Business Information Security Officer

**Introduction**

Welcome to Gallagher - a global leader in insurance, risk management, and consulting services. With a growing team of more than 52,000 professionals worldwide, we empower businesses, communities, and individuals to thrive. At Gallagher, you can build a career whether it’s with our brokerage division, our benefits and HR consulting division, or our corporate team. Experience The Gallagher Way, a culture fueled by shared values and a collective passion for excellence. Join one of our dynamic teams, where you'll play a pivotal role in shaping Gallagher's future and unlocking unparalleled opportunities for both clients and yourself.

**Overview**

The Business Information Security Officer (BISO) - India is responsible for managing the Gallagher Cyber Information Security (GCIS) program of works for the Indian region. This includes identifying, evaluating, and reporting on information security risks across all Gallagher divisions in India, in a manner that meets compliance and regulatory requirements, as well as aligning with the company's risk appetite. In addition to reporting on a regular basis to the UK - based EMEA BISO, this role will work closely with:

- IT Directors of India and Local CTO for Gallagher India and Gallagher Centre of Excellence
- The India Senior Business Leaders for IT and QA & Transition
- The India division’s ISMS manager in maintaining their ISO27001 certification
- GCIS Project Managers delivering both new and enhanced capabilities.

This is a hybrid role, in office 2-3 days per week, and can be based out of either our Pune or Bangalore offices, with some travel between the two expected.

**How you'll make an impact**
- Continue to develop and prioritise the information security strategy and roadmap for India that aligns with the GCIS security strategy.
- Monitor and manage security incidents, vulnerabilities, and threats that affect the various Indian divisions, and work with Gallagher’s global security teams to ensure effective response and remediation.
- Ensure compliance with applicable laws, regulations, and contractual requirements related to information security throughout India.
- Work with the Global SOC in the co-ordination and escalation of security incidents to the appropriate Indian authorities when appropriate.
- Develop and maintain relationships with key stakeholders across India, including business leaders, IT teams, and external partners to ensure effective communication and collaboration on information security matters.
- Lead and coordinate the implementation of security policies, standards, and procedures in India.
- Ensure security awareness and training programs are in place and effective in India.
- Manage the security budget for India, ensuring efficient and effective use of resources.
- Represent India in the appropriate security governance forums and ensure alignment with the region security strategy.- Brokerage clients will have time-sensitive due diligence security audits and questionnaires that will need to be managed and responded to.- Business suppliers and IT supply chain vendors must be managed to ensure they do not introduce risk to Gallagher.- Confidential participation in the Merger and Acquisition process with external companies, lawyers and security consultant

**About you**
- Bachelor's degree in computer science, information systems, or a related field. A master's degree is preferred.
- At least 8-10 years of experience in information security, with a minimum of 5 years in a leadership role.
- Strong knowledge of security frameworks and standards such as ISO 27001, NIST, PCI-DSS, and GDPR.
- Demonstrated experience in the management of staff and small teams.
- Experience in managing security incidents and crises.- Excellent communication and stakeholder management skills are required.
- Familiarity with security technologies such as firewalls, intrusion detection systems, and SIEMs.
- Knowledge of cloud security and Insurance practices is a plus.
- Relevant certifications such as CISSP, CISM, or CRISC are preferred.
- Lead auditor experience in ISO27001 is preferred.

LI-DK3

**Additional Information** We value inclusion and diversity**

Inclusion and diversity (I&D) is a core part of our business, and it’s embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work.

Gallagher embraces our employees’ diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest.

Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sex