• Lead and maintain the organization’s information security governance framework, aligned to ISO/IEC 27001, including policies, standards, and control frameworks. • Provide alignment between cyber security program and ISO 22301. • Drive compliance with DORA, including ICT risk management, incident reporting, resilience testing, and third-party oversight. • Ensure ongoing alignment with Lloyd's of London, FCA and PRA regulatory expectations. • Oversee compliance with NYDFS Cybersecurity Regulation (23 NYCRR 500) where applicable. • Monitor emerging regulatory requirements and translate them into actionable security and resilience initiatives. • Act as a senior point of contact for regulators, auditors, and external assessors. • Provide leadership for enterprise information and cyber security risk management. • Support the definition and maintenance of security risk appetite, tolerances, and risk acceptance processes. • Review and challenge security risk assessments for critical systems, cloud platforms, major change programs, and third-party arrangements. • Oversee security control assurance, testing, and remediation tracking. • Produce clear, risk-focused reporting for executive management, risk committees, and the Board. • Provide oversight of cyber incident management, ensuring compliance with regulatory notification and reporting requirements. • Act as a decision-maker during major incidents, crisis situations, and cyber events. • Ensure regular testing of incident response, crisis management, and business continuity plans. • Oversee third-party and supply-chain security risk management, including due diligence, contractual controls, and ongoing monitoring.