Job Description

The Global Head of IT Security & Cyber Programs is a senior executive leader responsible for overseeing the global portfolio of IT Security and Cybersecurity initiatives. This role ensures that all security-related programs are delivered with precision, regulatory compliance, and alignment to business priorities. Reporting to the Regulatory Tower Lead, the position plays a pivotal role in embedding cybersecurity into the broader technology delivery ecosystem and enabling secure digital transformation across business lines and jurisdictions.
This role combines strategic leadership, disciplined delivery, and hands-on technical oversight to drive robust governance, cross-functional integration, and execution excellence across a complex, rapidly evolving global landscape. The scope encompasses IT Security, Cyber Transformation, and broader Technology Solutions.
With end-to-end accountability for the direction and delivery of critical security initiatives, the leader will ensure that security architectures, technology roadmaps, and implementation approaches are scalable, resilient, and aligned with enterprise security architecture and regulatory mandates. This individual will act as a key bridge between executive stakeholders, business units, demand owners, and strategic partners, translating security strategies into actionable programs that support enterprise objectives, compliance requirements, and global delivery standards.
By driving integration between security strategy and execution, this role will enable a secure, high-performing, and future-ready technology environment that supports the organization's growth and risk posture.
Key Executive Responsibilities:
Program Execution & Delivery Excellence

• Oversee delivery of global IT Security & Cybersecurity programs for the Group organization, leading a cross-regional team of project/program managers, solution leads, and PMO professionals to strengthen regulatory readiness, cyber resilience, and strategic program delivery maturity
• Ensure execution excellence across the global IT Security & Cyber portfolio, maintaining alignment with enterprise objectives, regulatory obligations, and robust risk and financial governance frameworks.
• Inspire and manage a globally distributed delivery team, fostering collaboration, execution discipline, and continuous capability development across program/project managers, solution leads, and PMO teams to enhance delivery maturity.
• Adapt and enforce fit-for-purpose delivery methodologies (Agile, Waterfall, Hybrid), tailoring governance frameworks to meet the unique demands of security-critical and regulatory-driven initiatives..
• Drive continuous improvement and operational excellence across the global IT Security portfolio, ensuring strong risk management, financial control, and compliance to support business resilience

Organizational Leadership & Capability Development

• Design and evolve global delivery models to enable consistent, secure, and regulatory-compliant execution of cybersecurity programs, aligning regional teams with enterprise strategy and jurisdictional requirements.
• Build and lead high-performing global teams, fostering talent development, cross-regional collaboration, and succession planning through mentoring, strategic upskilling, and targeted capability growth.
• Drive a culture of accountability, innovation, and continuous improvement, embedding strategic thinking and collaborative delivery practices to enhance execution agility and operational resilience.
• Implement standardized governance and reporting frameworks, ensuring visibility of milestones, KPIs, and risks, while strengthening executive engagement and regulatory responsiveness across global cybersecurity initiatives.

Stakeholder Management & Board Engagement

• Build and maintain credibility with Board members and C-level executives by delivering clear, insightful, and data-driven updates on program status, risks, and strategic priorities.
• Influence senior board-level executives and key stakeholders to prioritize resilience initiatives and guide strategic investment decisions aligned with enterprise risk and security objectives.
• Drive executive decision-making by building strong relationships and delivering effective communication that aligns global cybersecurity initiatives with business objectives and enterprise risk appetite.
• Lead executive-level communication for globally coordinated cyber initiatives, including board presentations, portfolio updates, and regulatory briefings
• Deliver tailored, transparent insights on delivery progress, cross-regional delays, and emerging security risks to ensure strategic alignment, build stakeholder trust, and enable informed decision-making across globally distributed teams

Technology & Solution Oversight

• Oversee the evaluation, selection, and global deployment of cyber and IT security solutions, ensuring alignment with the security architecture roadmap and delivery capability.
• Ensure solutions meet both functional and regulatory requirements, including in highly regulated sectors and multi-jurisdictional environments.
• Provide deep technical and strategic oversight for the selection, integration, and delivery of a wide range of IT security solutions, including:

• Identity & Access Governance: User Access Management (IAM, PAM, IDPs), Conditional Access & Just-in-Time Access, Authentication Assurance Level 2 & Passwordless Technologies, Cloud Infrastructure Entitlement Management (CIEM)
• Data Protection & Cryptography: Encryption & Key Management, Digital Rights Management (DRM), PKI, Data Classification, DLP.
• Threat Detection & Response: EDR/XDR Platforms, SIEM & SOAR, CTI integrations.
• Network & Cloud Security: Network Segmentation, ZTNA, NGFW, IDS/IPS, NAC, SASE, CASB, CSPM, CWP
• Security Automation & Orchestration: SOAR, AI/ML-driven solution to automate security, regulatory, compliance, and Threat Intelligence.

Program Strategy & Global Delivery Integration

• Define and drive the global cybersecurity program agenda, translating security strategy and regulatory mandates into actionable roadmaps aligned with enterprise priorities, investment planning, and regional execution needs.
• Integrate global delivery execution with strategic planning, collaborating with CISOs, technology, and compliance leaders to sequence initiatives, manage dependencies, and optimize resource allocation across jurisdictions.
• Ensure end-to-end alignment between enterprise architecture, regulatory timelines, and program design, enabling secure, scalable, and audit-ready delivery of cyber initiatives across complex, multi-regulatory environments (e.g., DORA, GDPR).

Stakeholder Engagement & Cross-Functional Integration

• Serve as the escalation point for program conflicts, interdependencies, or resource bottlenecks that impact security initiatives.
• Represent cyber programs in global delivery and regulatory governance forums, ensuring program visibility and alignment.

Qualifications & Experience:
Essential:

• 15+ years of progressive experience in Cyber Security, IT Program Management, or Technology Transformation, including 7+ years in senior leadership positions.
• Proven track record of delivering large-scale, regulatory-driven cybersecurity programs within complex, highly customized, and evolving multi-regional IT environments-preferably within a multinational insurance organization.
• Strong executive stakeholder management capabilities, with demonstrated ability to influence boards, regulatory bodies, and cross-functional leadership teams.
• Exceptional analytical and problem-solving skills, with the capacity to synthesize complex information and make data-driven decisions that support strategic business outcomes.
• Extensive experience in regulatory compliance, ensuring that cybersecurity practices align with industry standards and legal obligations.
• Solid understanding of the ERGO/MR Group strategy, structures, and operational processes.
• Demonstrated in-depth knowledge of enterprise technology and infrastructure, with hands-on expertise across at least five of the following technology domains:

• SIEM solutions (e.g., Microsoft Sentinel), and SOC workflows
• Endpoint Detection & Response (EDR) (e.g., Microsoft Defender, CyberArk EPM), Data Loss Prevention (DLP), and encryption standards
• Identity & Access Management (IAM) (e.g., SailPoint IIQ, One Identity Manager), Privileged Access Management (PAM) (e.g., CyberArk), and Identity Providers (IDPs)
• Application of AI/ML in security analytics, including User and Entity Behavior Analytics (UEBA)
• Network security architecture, including segmentation and secured communication protocols
• Cloud Security, including use of Cloud Access Security Brokers (CASB) (e.g., McAfee, Microsoft Defender)
• Application security tools, such as Fortify, Static and Dynamic Application Security Testing (SAST/DAST)
• Next-Generation Firewalls (NGFWs), Zero Trust Network Access (ZTNA) (e.g., Zscaler ZIA/ZPA), and Intrusion Detection/Prevention Systems (IDP/IPS)
• Cryptographic technologies, including Public Key Infrastructure (PKI), encryption standards, and key management
• Multi-Factor Authentication (MFA) platforms
• Cyber Threat Intelligence (CTI) platforms and centralized logging architectures
• Comprehensive email and network security solutions

• Proficient in using enterprise delivery and governance platforms (e.g., Clarity PPM, ServiceNow, Jira, Planview, Microsoft Project).
• Strong leadership and collaboration skills; proven ability to build and sustain long-term relationships with critical internal and external stakeholders.
• Experience managing and coordinating globally dispersed teams in complex, matrixed environments.
• Deep knowledge of regulatory and compliance frameworks and their integration into global delivery processes (e.g., GDPR, DORA, SOX, NIST, ISO/IEC 27001).

Preferred:

• Experience working across multi-jurisdictional environments, including North America, EMEA, and APAC.
• Bachelor's degree in Computer Science, Information Security, Engineering, or equivalent professional experience.
• Direct experience collaborating with regulatory authorities and audit stakeholders across various jurisdictions.