Pierce is Hiring a Cyber Risk Management Lead Near New York, NY
Assume management of the security risk management process
Lead a team focused on collaborating with business units and helping them identify their security-related risks
Ensure alignment of security policy, standards, and controls with the enterprise security risk management framework to produce scalability and flexibility
Work across the security teams, and collaboratively with business lines and functions, to assess security-related, business-impacting risks and their prioritization
Educate on and evangelize the cybersecurity risk management framework, allowing risk owners to execute on their commitments as owners
Identify risk owners and empower them with data for decision making, to help the execution of risk action plans and all open and pending risks
Document and champion methods of using risk for prioritization, assisting teams in leveraging risk in their own planning methodologies
Partner closely with other teams managing elements of risk across Ascot, including our Privacy teams
Measure cybersecurity risk, identifying and tracking key risk indicators, and publish as part of metrics dashboards
Fully integrate cybersecurity into third-party risk management, ensuring requirements are met by all types of our vendors and suppliers
Drive a culture of continuous risk management, where cybersecurity risk is both constantly measured and also baked into decision making frameworks
Integrate threat intelligence into risk management, ensuring our priorities are based on real world threats
Lead the cybersecurity metrics program, building ways to communicate the state of cybersecurity to all stakeholders, including the board of directors
Requirements
Minimum of 8 years of experience in Cyber/IT Risk management
Property & Casualty insurance industry experience preferred
CRISC or equivalent certification required
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior leadership to technical specialists
Knowledge of current and upcoming methodologies and trends in the cybersecurity landscape
Project management skills to assist with the development and execution of strategic security roadmaps to strengthen and continuously improve information security of the business
Knowledge and understanding of the design and deployment of security capabilities in operational and manufacturing environments
Familiarity with existing and experimental cybersecurity philosophies and experience implementing leading-edge capabilities
Excellent leadership skills to direct the information security team and collaborate with other business teams
Knowledge of and experience with industry cybersecurity frameworks, such as NIST CSF, CIS, ISO 27001
Regulatory compliance knowledge, including Lloyd's cyber principles, PRA/FCA, NYS DFS Part 500, BMA Cyber Code of Conduct, GDPR and CCPA