Cyber Risk Management Lead

Company: Pierce Technology Corp
Job type: Full-time

Assume management of the security risk management process.
Lead a team focused on collaborating with business units and helping them identify their security-related risks.
Ensure alignment of security policy, standards, and controls with the enterprise security risk management framework to produce scalability and flexibility.
Work across the security teams, and collaboratively with business lines and functions, to assess security-related, business-impacting risks and their prioritization.
Educate on and evangelize the cybersecurity risk management framework, allowing risk owners to execute on their commitments as owners.
Identify risk owners and empower them with data for decision making, to help the execution of risk action plans and all open and pending risks.
Document and champion methods of using risk for prioritization, assisting teams in leveraging risk in their own planning methodologies.
Partner closely with other teams managing elements of risk across Ascot, including our Privacy teams.
Measure cybersecurity risk, identifying and tracking key risk indicators, and publish as part of metrics dashboards.
Fully integrate cybersecurity into third party risk management, ensuring requirements are met by all types of our vendors and suppliers.
Drive a culture of continuous risk management, where cybersecurity risk is both constantly measured and also baked into decision making frameworks.
Integrate threat intelligence into risk management, ensuring our priorities are based on real world threats.
Lead the cybersecurity metrics program, building ways to communicate the state of cybersecurity to all stakeholders, including the board of directors.
Requirements
Minimum of 8+ years of experience in Cyber/IT Risk management.
Property & Casualty insurance industry experience preferred.
CRISC or equivalent certification required.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior leadership to technical specialists.
Knowledge of current and upcoming methodologies and trends in the cybersecurity landscape.
Project management skills to assist with the development and execution of strategic security roadmaps to strengthen and continuously improve information security of the business.
Knowledge and understanding of the design and deployment of security capabilities in operational and manufacturing environments.
Familiarity with existing and experimental cybersecurity philosophies and experience implementing leading edge capabilities.
Excellent leadership skills to direct the information security team and collaborate with other business teams.
Knowledge of and experience with industry cybersecurity frameworks, such as NIST CSF, CIS, and ISO 27001.
Regulatory compliance knowledge, including Lloyd’s cyber principles, PRA/FCA, NYS DFS Part 500, BMA Cyber Code of Conduct, GDPR and CCPA.
