InterviewStack.io

Information Technology Security Officer (m/f/x)

luxair

LU, 3 weeks ago


Job Type

full time

Description

Own overall responsibilities for LCH information security, support senior management in approving and overseeing cybersecurity risk management measures, and report security posture and risks to the ISMS Steering Committee and leadership.

Define and maintain security requirements in intercompany agreements, monitor service provider compliance, conduct regular security reviews, and ensure audit rights are established in line with regulatory governance obligations.

Perform and maintain risk assessments for outsourced services, validate provider risk and audit evidence, ensure compliance with regulatory and standards requirements, and maintain a comprehensive risk register.

Oversee service provider incident management processes, ensure timely escalation of incidents, coordinate internal response actions, and ensure compliance with NIS2 incident notification requirements.

Coordinate internal and external information security audits, validate compliance evidence, and ensure timely implementation of corrective and preventive actions aligned with regulatory expectations.

Define and enforce access control and privileged access management requirements, oversee provisioning and deprovisioning processes, and ensure adherence to least privilege and segregation of duties principles.

Promote cybersecurity awareness by collaborating with internal stakeholders to educate employees on best practices and organizational security responsibilities.

Support incident response activities and lessons learned processes, working closely with IT and cybersecurity teams to strengthen resilience.

Provide ongoing support across cybersecurity topics and coordinate actions with group cybersecurity and IT functions.

Define and enhance the IT Business Continuity Management Plan (based on ISO 22301), conduct BIA assessments, maintain BCP/DRP documentation, define and monitor RTO/RPO, coordinate testing, ensure resilience of critical and third-party services, and support crisis management through clear communication, timely escalation, and coordinated stakeholder updates.

Skills

risk management, risk assessment, incident management, incident response