Risk Analyst Sr - Cyber Security

Risk Analyst Sr - Cyber Security Company Munich Re America Services Location Princeton , United States

Munich Re America Services (MRAS) is a shared service organization that delivers services to all Munich Re US P&C Companies and other group entities.

We're adding to our diverse team of experts and are looking to hire those who are committed to building a culture that enables the creation of innovative solutions for our business units and clients.

The Company

As a member of Munich Re's US operations, we offer the financial strength and stability that comes with being part of the world's preeminent insurance and reinsurance brand. Our risk experts work together to assemble the right mix of products and services to help our clients stay competitive - from traditional reinsurance coverages, to niche and specialty reinsurance and insurance products.

The Opportunity

Future focused and always one step ahead

The principal responsibility of this position is to lead the program ensuring Munich RE's compliance with US and Canadian legal and regulatory requirements. As part of the Integrated Risk Management Function (IRM), the holder of this position will also be supporting the implementation of Information Security Management (ISM) vision in The Americas, consistent with the MR Group strategy. This position will support the independent review and assessment of security risks, including maintenance, operations, processes & policies and regularly report on issues. Close alignment with IT, Legal & Compliance, the Data Protection Officer, Corporate Insurance Risk Manager, BCM, and Global IRM are required.

Responsibilities:

• Support the second line of defense supervision on the execution of the cyber maturity program for US Non-Life entities.
  
  • Review, assess, and challenge the design, maintenance & operations of procedures and measures in the overall Cyber Security Program to mitigate security risks and report issues to local & group management and Board of Directors. Establish & maintain risk assessment criteria & methodology.
  • Verify the implementation of cybersecurity policies and guidelines by testing actual security arrangements vs. what the policy requires
  • Testing IT Security provided reports for accuracy, e.g. by using documentation (such as log files and change protocols) to reconstruct system and intervention records and verify that events happened as protocols recorded they did
• Establish and lead a multi-functional program to ensure the compliance of GSI and MR-US with the New York Department of Financial Services Cybersecurity regulation, California Consumer Privacy legislation, and various state Insurance Data Security acts, and relevant Canadian regulation.
  
  • Form and lead a project team of subject matter experts
  • Analyze current business practices vs. the requirements of the revised regulation
  • Document compliance and develop resolution plans for any gaps found
  • Maintain visibility on the evolving regulatory landscape.
• Work with the Group IRM organization in the further development and deployment of the One Group Cyber Ambition, Munich RE's cybersecurity strategy.
• Identify controls, risks, and necessary countermeasures to support the Risk Assessment and Control Evaluation process for business applications
• Host external as well as internal audits probing cybersecurity matters. Communicate effectively with legal and regulatory authorities conducting these audits, representing the Company together with Legal.
• Provide expert opinions on IT implications of legal and regulatory statues. This requires solid comprehension of both legal concepts as well as information technology and cyber subject matters.

Qualifications:

• Undergraduate or graduate degree in computer science, information security, IT management or related field. A technical undergraduate degree with an MBA or Risk Management credentials is desirable.
• 5+ years' experience preferred including 2 years in IT Management or related role. Background in IT security and risk management is a significant plus.
• Experience in a global company or (re)insurance industry desired
• Information security management qualifications such as one of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) is desirable.
• Strong people, and team/relationship building skills including facilitation, mediation and conflict resolution. Demonstrated ability to develop and cultivate a dynamic, progressive team.
• Excellent interpersonal skills and demonstrated ability to influence others, communicate effectively, both verbally and in writing, in a clear and concise manner to a variety of audiences (incl. Board level)
• Extensive knowledge of IT security and privacy standards, technologies, and practices.
• Advanced understanding of the following areas: security governance, enterprise risk management, incident response, managed security services, software as a solution security management.

At Munich Re, we see Diversity, Equity and Inclusion as a solution to the challenges and opportunities all around us. Our goal is to foster an inclusive culture and build a workforce that reflects the customers we serve and the communities in which we live and work. We strive to provide a workplace where all of our colleagues feel respected, valued and empowered to achieve their very best every day. We recruit and develop talent with a focus on providing our customers the most innovative products and services.

We are an equal opportunity employer. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

#LI-MB1