The Information Security Risk Manager (ISRM), as part of the Enterprise Risk Management team, is the second line of defense for Cyber Security covering Munich Re’s Life and Health North America (LHNA) entities. The ISRM supports the identification, prioritization, communication, and monitoring of cyber security risks in the Life and Health North America entities.
Key Accountabilities
Interim LHNA Cluster Information Security Officer
Support adoption of Munich Re’s Information Security Management (ISM) policies and guidelines, providing feedback to the VP ERM and Cluster ISO (Information Security Officer) on adaptions to the IS Strategy, ISM Policy and Guidelines
Support/execute prioritized initiatives for Cyber Security covering Life and Health North America
Support local data protection initiatives such as data masking, unstructured data security, access management and access reduction, Data Leakage Prevention alert investigations, etc.
Cyber risk dashboard coordination, update and reporting to key stakeholders
Execution of ad hoc cyber risk assessments
Support client security requests
Support with data flow discovery and data residency
Support with project risk assessments
Local threat detection and industry data breach tracking
Proactive participation in risk and security forums and other relevant industry communities
Monitor cyber security and regulatory landscape
Supports compliance with regulatory requirements and regulatory audits
Support Third Party Risk Management activities
Alignment between security and business strategy
Communication, enforcement and update of local and Global Cyber Risk policies and guidelines
Participation in security audits and support gap remediation
Support cyber threat scenario creation and participation in incident response tabletop exercises
Support creation and execution of security awareness and training programs
Support contract reviews for confidentiality and data protection language
Support cyber risk process improvements and process automation
Continual interaction with other relevant internal and external stakeholders, from 2nd line of defense, that have an interface to information security, such as BCM (Business Continuity Management), Operational Risk and Third-Party Management Function and Internal Audit.
Qualifications
Bachelor's degree in information systems, computer science or a relevant field; an IT Security Management certificate would be an asset
5+ years relevant industry experience in implementing cyber risk processes and frameworks
Other information security designations such as CRISC, CISM, CEH, CISA would be beneficial
Demonstrated experience in security risk and compliance management
Practical experience in client contacts and contract review
Demonstrated experience in supporting the remediation of information security gaps
Sound knowledge of regulatory compliance and data privacy requirements (GDPR, PIPEDA (Personal Information Protection and Electronic Documents Act), etc.)
Sound knowledge of internationally recognized information security standards and frameworks (ISO/IEC 27000 family, NIST CSF)
What Can We Offer You?
We are pleased to offer our employees great benefits and resources to support their mental, physical and financial wellbeing. These include:
An engaging and collaborative environment that promotes continuous learning and development
A hybrid work environment that combines weekly in-office and remote days with Meeting-Free lunch hours and Focus Friday afternoons
A great compensation package including annual company bonus
Market leading company-paid flexible health and dental benefits, starting on your first day
Flexible dollars provided by the company to put towards Health Spending Account and/or Wellness Spending Account
Immediate participation in DC Pension Plan with an automatic 5% employer contribution, plus optional company match
Generous time off including vacation, personal days, unplanned time, Statutory Holidays and company-wide early closure half-days
Learning and development programs and resources, including unlimited access to LinkedIn Learning, Education Assistance Program and reimbursement for professional fees
Maternity, Parental & Adoption Leave top-up program
Employee Referral Program, Recognition & Rewards Platform
Munich Re is committed to providing a work environment that is inclusive and free of employment barriers and discrimination. Accommodations will be made for qualified applicants with a disability throughout the recruitment process. If you receive a request for an interview and you have a disability which will require an accommodation to support your participation, please contact as soon as practical so that suitable accommodations can be arranged.