Pierce Technology
Location: New York,NY, USA
Date: 2024-04-23T08:42:41Z
Job Description:
- Assume management of the security risk management process.
- Lead a team focused on collaborating and helping business units identify their security related risks.
- Ensure alignment of security policy, standards, and controls with the enterprise security risk management framework to produce scalability and flexibility.
- Working across the security teams, and collaboratively with business lines and functions to assess security related business impacting risks and their prioritization.
- Educate on and evangelize the cybersecurity risk management framework, allowing risk owners to execute on their commitments as owners.
- Identify risk owners, empower them with data for decision making, to help the execution of risk action plans, and all open and pending risks.
- Document and champion methods of using risk for prioritization, assisting teams in leveraging risk in their own planning methodologies.
- Partner closely with other teams managing elements of risk across Ascot, including our Privacy teams.
- Measure cybersecurity risk, identifying and tracking key risk indicators, and publish as part of metrics dashboards.
- Fully integrate cybersecurity into third party risk management, ensuring requirements are met by all types of our vendors and suppliers.
- Drive a culture of continuous risk management, where cybersecurity risk is both constantly measured and also baked into decision making frameworks.
- Integrate threat intelligence into risk management, ensuring our priorities are based on real world threats.
- Lead the cybersecurity metrics program, building ways to communicate state of cybersecurity to all stakeholders, include the board of directors.
Requirements
- Minimum of 8+ years of experience in Cyber/IT Risk management.
- Property & Casualty insurance industry experience preferred.
- CRISC or equivalent certification required.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior leadership to technical specialists.
- Knowledge of current and upcoming methodologies and trends in the cybersecurity landscape.
- Project management skills to assist with the development and execution of strategic security roadmaps to strengthen and continuously improve information security of the business.
- Knowledge and understanding of the design and deployment of security capabilities in operational and manufacturing environments.
- Familiarity with existing and experimental cybersecurity philosophies and experience implementing leading edge capabilities.
- Excellent leadership skills to direct the information security team and collaborate with other business teams.
- Knowledge and experience with industry cyber security frameworks, such as NIST CSF, CIS, ISO27001
- Regulatory compliance knowledge, including Lloyd's cyber principles, PRA/FCA, NYS DFS Part 500, BMA Cyber Code of Conduct, GDPR and CCPA.