Title:  Cyber Security Risk Manager

Job ID:  9632
Location: Princeton, NJ, US

Facility:  Munich Re America Services
Description: 

Cyber Security Risk Manager

Level 9

Hiring Manager:  Lauren Tredinnick

Recruiter:  Jessica Pruiti

 

We are adding to our diverse team of experts and are looking to hire those who are committed to building a culture that enables the creation of innovative solutions for our business units and clients.

 

The Company

Munich Re America Services (MRAS) is a shared service organization that delivers services to all Munich Re US P&C Companies and other group entities.

 

As a member of Munich Re's US operations, we offer the financial strength and stability that comes with being part of the world's preeminent insurance and reinsurance brand. Our risk experts work together to assemble the right mix of products and services to help our clients stay competitive – from traditional reinsurance coverages, to niche and specialty reinsurance and insurance products.

 

The Opportunity

Future focused and always one step ahead!

 

This position is part of the Integrated Risk Management Function with responsibility for implementing a Regional Information Security Management (ISM) enterprise vision, strategy and program consistent with the MR Group, and reflecting local regulatory requirements to ensure availability & integrity of information assets. This includes the secure handling of Non-Public Information (NPI), client information and data, our intellectual property and confidential information as well as ensuring the security of our employees’ sensitive information. This position will independently review and assess security risks, including maintenance, operations, processes & policies and regularly report on issues. Close alignment with IT, Legal & Compliance, the Data Protection Officer, Corporate Insurance Risk Manager, and BCM and Facilities functions at each entity is required.

 

Responsibilities:


 

  • Independently review, assess, and challenge the design, maintenance & operations of procedures and measures in the overall Cyber Security Program to mitigate security risks, and report issues to local & group management and the Board of Directors. Serve as independent expert advisor to executive leadership.
  • Manage, develop, and inspire a team of risk analysts of varying experience levels.
  • Demonstrate a deep understanding of NYDFS Part 500 Cybersecurity regulations and other cyber-related laws and regulations and their implications for the Company, and ensure compliance with NYDFS regulations, including 23 NYCRR Part 500, and other relevant cyber-related laws and standards.
  • As a member of the NA Security Incident Response Team (SIRT), evaluate (significant) IT security incidents and assist in their management, documentation, and reporting.  Assess materiality of risk at the time of a breach in the context of Enterprise Risk for the legal entities impacted.  Ensure effectiveness of early warning system and the management of incidents.
  • Implement and contribute to the development of MR Group, or establish local US Non-Life, policies, guidelines & work instructions on information security management.  Deliver standard reports on ISM, in collaboration with IT, to the MRM CISO, who provides functional guidance & requirements, and to local Boards and Risk Committees.  Contribute to global information security strategic initiatives, representing the Risk Management function for the region.
  • In collaboration with the Group’s Non-financial Risk function, develop and deliver training regarding security awareness, secure business & communications practices, and policies.
  • Understand the diverse landscape of US Non-Life business operations and the security risks for each entity.  Stay current on innovation & new product introduction in the context of security risk.
  • Collaborate with IT, Legal, and Facilities Management to ensure security decisions align with government & industry regulations as well as risk management best practices and business goals.
  • Ensure security standards and practices maintain compliance and stay current with threats, vulnerabilities, and control techniques in each business/Legal Entity.  Propose initiatives and changes in standards whenever needed.  Support development of the business case and benefits for information security investments.
  • Serve as a member of the US Non-Life IRM leadership team and make decisions in the best interest of the team.

 

Qualifications:

  • Undergraduate degree in computer science, information security, IT management or related field.  A technical undergraduate degree with an MBA or Risk Management credentials is desirable.
  • 10+ years’ experience including 5 years in IT Management or related role preferred
  • 5 or more years management experience or experience in a position of heavy influence preferred
  • Experience in a global company or (re)insurance industry desired
  • Information security management qualifications, such as one of the following certifications, are desirable: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC).
  • Strong people and team/relationship-building skills, including facilitation, mediation, and conflict resolution.  Demonstrated ability to develop and cultivate a dynamic, progressive team.
  • Excellent interpersonal skills and demonstrated ability to influence others and communicate effectively, both verbally and in writing, in a clear and concise manner to a variety of audiences (technical through Board-level management).
  • Extensive knowledge of business continuity planning, auditing, and risk management.
  • Extensive knowledge of IT security and privacy standards, technologies, and practices.
  • Advanced understanding of one or more of the following areas: security governance standards, enterprise risk management, incident response, managed security services, software as a solution security management.

 

The Company is open to considering candidates in numerous locations, including Princeton, NJ. The salary range posted below applies to the Company’s Princeton location.

 

The base salary range anticipated for this position is $141,800 - $207,900 plus opportunity for company bonus based upon a percentage of eligible pay.  In addition, the company makes available a variety of benefits to employees, including health insurance coverage, an employee wellness program, life and disability insurance, 401k match, retirement savings plan, paid holidays and paid time off (PTO). 

 

The salary estimate displayed represents the typical salary range for candidates hired in this position in Princeton, NJ. Factors that may be used to determine your actual salary include your specific skills, how many years of experience you have and comparison to other employees already in this role. Most candidates will start in the bottom half of the range.

 

At Munich Re, we see Diversity, Equity and Inclusion as a solution to the challenges and opportunities all around us. Our goal is to foster an inclusive culture and build a workforce that reflects the customers we serve and the communities in which we live and work. We strive to provide a workplace where all of our colleagues feel respected, valued and empowered to achieve their very best every day. We recruit and develop talent with a focus on providing our customers the most innovative products and services.   

 

We are an equal opportunity employer. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


Job Segment: Information Security, Information Systems, Computer Science, Technology