Senior Security Risk Management Specialist

About The Position

Requirements

• 5-8 years of IT security, privacy, audit, controls and regulatory compliance, or related experience.
• Experience conducting risk assessments aligned with industry standard frameworks & standards.
• Advanced understanding of IT domains: infrastructure, networking, storage, databases, operating systems, cloud, applications, etc.
• Strong understanding of security technologies and domains, including: SSO, IAM, DLP, EDR, SIEM, firewalls, gateways, IDS/IPS, CASB, antivirus, SSDLC, cryptography, PKI, etc.
• Knowledge of risk and control frameworks/standards (e.g., NIST CSF, NIST 800-53, ISO/IEC 27001, NIST 800-30, ISO/IEC 27005, etc.).
• Oral and written communication skills, demonstrating the ability to convey complex technical and security concepts and terminology to non-technical stakeholders.
• Ability to manage multiple projects/tasks simultaneously, including the ability to delegate key areas of responsibility.
• Ability to successfully liaise with individuals across a wide variety of operational, functional, and technical disciplines.
• Excellent analytical, problem-solving, and critical-thinking skills.
• Bachelor’s degree or equivalent experience

Nice To Haves

• 2+ years leadership role experience
• Insurance/Reinsurance industry knowledge/experience
• Information security, compliance, risk, or audit professional certifications, such as: CISSP, CISA, CISM, CGEIT, CRISC, CPA, OSCP, CCSP, CCSK
• Project management skills/experience
• Cloud risk assessment experience (e.g., AWS, Azure, Google Cloud, etc.)
• Cyber Risk Quantification (CRQ) experience (e.g., FAIR)
• Automation experience: Python, REST API, PowerShell, etc.
• Previous experience as a Systems Administrator, IT Auditor, Developer, Security Engineer, Penetration Tester, Cloud Engineer
• Master’s degree and/or LOMA certification

Responsibilities

• Conduct comprehensive security risk assessments of enterprise systems and processes, as well as provide recommendations for risk mitigation.
• Review, analyze, and provide recommendations for policy, standard, and baseline configuration exceptions.
• Perform vendor risk assessments to include inherent & residual risk identification, analysis, and mitigation, and additionally track risk remediation to completion.
• Provide recommendations for vendor contractual requirements stemming from vendor risk assessment outcomes.
• Serve as a project security advisor including risk analysis gate checks in the secure SDLC process.
• Conduct thorough threat modeling exercises to identify potential security vulnerabilities and risks.
• Stay current on security trends, threats, and best practices to continuously improve the organization's security posture.
• Perform other duties as assigned.

Benefits

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
• Join the bright and creative minds of RGA, and experience vast, endless career potential.