Pierce
Location: New York, NY, USA
Date: 2024-05-02T16:18:27Z
Job Description:
- Assume management of the security risk management process
- Lead a team focused on collaborating with business units and helping them identify their security-related risks
- Ensure alignment of security policy, standards, and controls with the enterprise security risk management framework to produce scalability and flexibility
- Work across the security teams, and collaboratively with business lines and functions, to assess security-related, business-impacting risks and their prioritization
- Educate on and evangelize the cybersecurity risk management framework, allowing risk owners to execute on their commitments as owners
- Identify risk owners and empower them with data for decision making, to help the execution of risk action plans and all open and pending risks
- Document and champion methods of using risk for prioritization, assisting teams in leveraging risk in their own planning methodologies
- Partner closely with other teams managing elements of risk across Ascot, including our Privacy teams
- Measure cybersecurity risk, identifying and tracking key risk indicators, and publish as part of metrics dashboards
- Fully integrate cybersecurity into third party risk management, ensuring requirements are met by all types of our vendors and suppliers
- Drive a culture of continuous risk management, where cybersecurity risk is both constantly measured and also baked into decision making frameworks
- Integrate threat intelligence into risk management, ensuring our priorities are based on real world threats
- Lead the cybersecurity metrics program, building ways to communicate the state of cybersecurity to all stakeholders, including the board of directors
Requirements
- Minimum of 8+ years of experience in Cyber/IT Risk management
- Property & Casualty insurance industry experience preferred
- CRISC or equivalent certification required
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior leadership to technical specialists
- Knowledge of current and upcoming methodologies and trends in the cybersecurity landscape
- Project management skills to assist with the development and execution of strategic security roadmaps to strengthen and continuously improve information security of the business
- Knowledge and understanding of the design and deployment of security capabilities in operational and manufacturing environments
- Familiarity with existing and experimental cybersecurity philosophies and experience implementing leading edge capabilities
- Excellent leadership skills to direct the information security team and collaborate with other business teams
- Knowledge and experience with industry cybersecurity frameworks, such as NIST CSF, CIS, ISO 27001
- Regulatory compliance knowledge, including Lloyd's cyber principles, PRA/FCA, NYS DFS Part 500, BMA Cyber Code of Conduct, GDPR and CCPA