Sr. Risk Analyst - Cyber

Hiring Manager: Warren Meilicke

Recruiter: Kyle Corder

Level: 8

Hybrid position and will be require to be in office 40-50% (Cincinnati, OH, Princeton, NJ, Hartford, CT)

***Applicants must be authorized to work in the U.S. without the need for visa sponsorship now or in the future***

We are adding to our diverse team of experts and are looking to hire those who are committed to building a culture that enables the creation of innovative solutions for our business units and clients.

The Company

Munich Re America Services (MRAS) is a shared service organization that delivers services to all Munich Re US P&C Companies and other group entities.

As a member of Munich Re's US operations, we offer the financial strength and stability that comes with being part of the world's preeminent insurance and reinsurance brand. Our risk experts work together to assemble the right mix of products and services to help our clients stay competitive - from traditional reinsurance coverages, to niche and specialty reinsurance and insurance products.

The Opportunity

Future focused and always one step ahead!

As part of the Integrated Risk Management Function (IRM), the holder of this position will also be supporting implementation of the Munich Re Group Information Security Management (ISM) framework across North America Non-Life entities. The key objective is to ensure the effective implementation and adaptation of ISM requirements at the entity level, aligned with local regulatory requirements and Group-wide objectives. Additionally, this role will support the independent review and assessment of information security risks, including maintenance, operations, processes & policies and regularly report on issues. Close collaboration and alignment with various functional areas is essential, including IT, Legal & Compliance, Third-Party Risk Management, Business Continuity Management (BCM), and entity-level Management.

Responsibilities:

• Support the implementation of the ISM framework that aligns with both local and Group requirements, entailing the identification, measurement, monitoring, control, and reporting of non-financial risks, with a specific focus on information security
• Review, assess, and challenge the design, maintenance, and operations of procedures and measures to mitigate security risks and report issues to local and group management and Board of Directors.
• Verify the implementation of ISM policies and guidelines by validating security arrangements against what the policy requires
• Validate IT Security provided reports for accuracy, using documentation such as log files and change protocols to reconstruct system and intervention records
• Participate in information security incident task forces, including post-incident reviews and "Lessons Learned" exercises, to evaluate and manage significant information security incidents
• Promote risk awareness among staff, particularly regarding information security, and develop and deliver associated training programs to enhance awareness and compliance
• Support a multi-functional program aimed at ensuring compliance with relevant regulatory requirements, including the New York Department of Financial Services Cybersecurity regulation, California Consumer Privacy legislation, various state Insurance Data Security acts, and applicable Canadian regulations
• Form and lead a project team of subject matter experts
• Analyze current business practices vs. the requirements of the regulations
• Document compliance and develop resolution plans for any identified gaps
• Maintain visibility on the evolving regulatory landscape
• Contribute to the development and revision of company guidelines related to information security management, business continuity, and third-party risk management, ensuring alignment with local requirements
• Participate in external and internal audits probing cybersecurity matters, communicating effectively with legal and regulatory authorities and representing the Company together with Legal
• Provide expert opinions on IT implications of legal and regulatory statutes, requiring solid comprehension of both legal concepts and information technology and cyber subject matters

Qualifications:

• Undergraduate or graduate degree in computer science, information security, IT management or related field. A technical undergraduate degree with an MBA or Risk Management credentials is desirable
• 5 years' experience preferred with a background in IT security and risk management
• Experience in a global company or (re)insurance industry desired
• Information security management qualifications such as one of the following certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) is desirable
• Strong people, and team/relationship building skills including facilitation, mediation and conflict resolution. Demonstrated ability to develop and cultivate a dynamic, progressive team
• Excellent interpersonal skills and demonstrated ability to influence others, communicate effectively, both verbally and in writing, in a clear and concise manner to a variety of audiences (incl. Board level)
• Extensive knowledge of IT security and privacy standards, technologies, and practices
• Advanced understanding of the following areas: security governance, enterprise risk management, incident response, managed security services, software as a solution security management
• This position requires a deep comprehension of information security areas of expertise
• Broad business knowledge across insurance & non-insurance entities must be leveraged to support (internal & external) governance for Information Security and Compliance topics.
• Ability to think strategically, solve new & complex problems and apply sound judgment
• Position interacts with Board committees and regional and global senior management
• Collaborate with IT, Legal, Compliance Management to ensure security decisions align with government & industry regulations as well as risk management best practices and business goals
• Staying current on information security risks, as well as legal and regulatory requirements
• Must be able to travel up to 10% of time domestically and take an international trip as required

At Munich Re, we see Diversity, Equity and Inclusion as a solution to the challenges and opportunities all around us. Our goal is to foster an inclusive culture and build a workforce that reflects the customers we serve and the communities in which we live and work. We strive to provide a workplace where all of our colleagues feel respected, valued and empowered to achieve their very best every day. We recruit and develop talent with a focus on providing our customers the most innovative products and services.

We are an equal opportunity employer. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.