Cybersecurity Defense Lead

This is an opportunity to join Ascot Group - one of the world’s preeminent specialty risk underwriting organizations.

Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we’re bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourish in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way.

The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric.

Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service — both pre- and post-claims. Ascot exists to solve for our clients’ brightest tomorrow, through agility, collaboration, resilience, and discipline.

Job Summary:

Reporting to the Chief Information Security Officer, the Global Head Cyber Defense helps build, manage and mature our cybersecurity posture. This is a key role that is accountable for our 24X7 global security operations center, improving our incident detection, incident response and incident management capabilities, and ensuring we have the appropriate people, processes and technologies to detect, prevent and respond to the ever-changing cyber threat landscape. 

This key role in the cybersecurity organization involves collaborating with various teams across the organization, such as and not limited to - the IT leadership team, Infrastructure, business unit stakeholders, Legal, Finance, Enterprise Risk Management, and Compliance functions. The position requires strong technical knowledge in cybersecurity and IT along with business acumen to effectively communicate with the business tailoring content according to the audience, help build trust put forward recommendations and deliver strategic initiatives. 

This individual needs to demonstrate a record of successfully leading, motivating, and developing high-performing cybersecurity teams along with executive presence and the ability to drive change in a dynamic environment.

Responsibilities: 

• Work with the CISO and take ownership of the Cybersecurity Defense function that includes, and is not limited to - strategy, improving cyber resilience, finance/budget, a service catalogue comprising of the Security Operations Center, Threat Intelligence, Threat Hunting, Insider Threat and achieving compliance with regulatory & audit requirements. 
• Support other functions within the cybersecurity group to lead a coordinated effort to meet objectives – such as penetration testing, red/purple team exercises, training and awareness along with presenting at various internal forums and committees. 
• Serve as a point of escalation for the L1, L2, L3 SOC Analysts, Head of SOC, MSSP, and other vendors, lead and coordinate response efforts with other groups and stakeholders with varying technical expertise, such as IT, Legal, business etc.  Provide oversight and governance over the daily operations of the MSSP and SOC team at a global level, mentor and provide training to junior SOC team members.  
• Oversee the incident response process, ensuring rapid identification, containment, eradication, and recovery from security incidents.

• Act as an Incident Commander during cybersecurity incidents working across incident confirmation, containment, and communicating to internal and external stakeholders. 

• Manage and create incident reports, identify improvements to detect and prevent similar incidents from occurring in the future. 

• Work with end users, vendors, and MSSP where appropriate on security related incident through closure. 
• Stay current with evolving threats, vulnerabilities, tools, technologies and threat actor TTPs to help improve detection and response capabilities.  
• Develop and refine standard operating procedures in the form of run books and playbooks for incident response and threat detection. Create and make improvements to procedures and playbooks. 
• Provide oversight and guidance on the technical analysis, log reviews, and assessments of cybersecurity incidents throughout the incident management lifecycle.  
• Identify opportunities of improvement with the processes, procedures, and our detection capabilities including detection use cases within our SIEM for our expanding estate using appropriate scripting languages. 

• Assist with additional ad hoc projects as required.

• Run and coordinate annual cybersecurity tabletop exercises, that spread across both technical and non-technical areas and testing. 

Experience Required: 

• 12 years of extensive cybersecurity experience, with at least 5 years in a senior leadership role and a proven track record in leading a global cyber defense function. 

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate cybersecurity and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior leadership to technical specialists. 

• Track record of successfully managing a high-performing cybersecurity organization with the ability to motivate and mentor high-performing security teams and foster a culture of excellence.

• Knowledge of current and upcoming methodologies and trends in the cybersecurity landscape, including a deep knowledge of cyber threats, attack techniques, and cybersecurity frameworks/standards.

• Deep knowledge of threat detection and response; digital forensics and malware analysis; cloud security across the various cloud hosting platforms; endpoint detection and response; SIEM platforms and working knowledge of managed security service providers. 

• Familiarity with existing and experimental cybersecurity philosophies and experience implementing leading-edge capabilities. 

• Strong leadership skills to influence organizational change, build teams, and communicate security priorities effectively across the enterprise.

• Technology management skills, including security architecture design, engineering, operations, and vendor oversight.

• Business acumen to understand enterprise operations, risk tolerance, and industry dynamics.

• Analytical skills to conduct technical assessments, prioritize vulnerabilities, and develop risk treatment plans.

• Project management skills to assist with the development and execution of the cybersecurity strategy and roadmaps to strengthen and continuously improve the cybersecurity posture. 

• Passion for continuous learning to stay current on advancing threats and security best practices.

• Ability to maintain a calm structured mindset even when under pressure. 

   

***This position may be filled at a different level, depending on experience***

Please be aware that Ascot Group’s job opportunities will be posted on our official careers page. All official communication comes from @ascotgroup.com email addresses, if you receive a job offer or recruitment communication from Ascot Group that you suspect might be fraudulent, do not hesitate to contact us directly to verify its legitimacy. We will never ask for payment or sensitive personal information during any stage of the recruitment process. Your privacy and trust are of utmost importance to us, and we strive to ensure that you have a positive experience with Ascot Group.

#LI-Hybrid