Senior Security & Risk Management Specialist

About The Position

Requirements

• Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience - Required
• ServiceNow Certification as GRC Admin or GRC/IRM implementation analyst, OR ServiceNow University GRC: Integrated Risk Management (IRM) Implementer - Required
• 4+ years' relevant experience in IT security, privacy, audit, controls and regulatory compliance, or related experience.
• Deep understanding of ServiceNow platform and its capabilities, dependencies with proficiency in ServiceNow administration and development and architectural requirements with experience in Versions of Xanadu or Yokohama
• ServiceNow GRC framework and process administration (Regulatory Change Management a plus)
• General knowledge of business and technology operations; ability to work well within a team setting and maintain a high level of confidentiality
• Intermediate knowledge of global standards and regulations regarding security, privacy, and fraud.
• Demonstrated ability to learn and stay current on data privacy, data security, and fraud threats and vulnerabilities.
• Intermediate organizational, planning and task management skills with high attention to detail; ability to adjust to changing priorities and work under tight timelines
• Investigative, analytical and problem-solving skills; ability to set goals, communicate expected outcomes and liaise with individuals across a variety of functions and levels
• Excellent customer service skills; ability to balance multiple priorities, deadlines and deliverables while maintaining a positive attitude
• Intermediate oral and written communication skills; ability to convey information in a clear and concise manner and provide regular proactive updates to team members, key stakeholders, and mid-level management
• Quick to adapt to new methods; ability to be flexible when needed, take initiative and demonstrate accountability
• ServiceNow Expertise as GRC Admin or GRC/IRM implementation analyst OR ServiceNow University GRC: Integrated Risk Management (IRM) Implementer
• Strong understanding of GRC Lifecycles management (Policy, Controls, Audit, Risk, Regulatory Change Management, Advance Risk and Advance Audit)
• Strong understanding of Reporting, Dashboards, and workspace within ServiceNow
• Understanding of Regulatory tool integrations with ServiceNow
• Strong understanding of Entities/CMDB within ServiceNow
• Microsoft Office application experience (Excel, Word, Visio, Teams, SharePoint)
• Familiarity with IT and security systems
• Knowledge of applicable regulations such as Sarbanes-Oxley, DORA, NY DFS, GLBA, GDPR etc.

Nice To Haves

• Master’s degree in Arts/Sciences (MA/MS) or professional industry certification - Preferred
• Insurance/Reinsurance industry experience or certifications
• Information security, privacy, compliance, risk or audit professional certifications, such as: SSCP, CIPP, CISA and Security+
• Intermediate understanding of domestic and global security & privacy regulations
• IT Control Frameworks including NIST CSF/P, NIST AI, COBIT, ITIL, ISO 27001/27002, CIS, etc.
• Knowledge of risk assessment methods
• Information security, privacy, compliance, risk or audit professional certifications, such as: SSCP and Security+
• Experience reviewing SOC1 and SOC2 attestations
• Project management skills/experience
• Power-BI Experience for reporting, queries and creating dashboards

Responsibilities

• Work with functional and technical requirements to design and implement work within ServiceNow Enterprise IRM Applications.
• Support and maintain ongoing processes, for Enterprise IRM Applications. scope, product, and operational changes/maintenance.
• Support, validate requirements to developers and deployment including user acceptance testing and agile testing- assuring alignment between stories and stakeholders and take processes into features/requirements for implementations.
• Understands and works with ServiceNow architectural requirements and dependencies
• Collaborate with compliance, security and technology professionals on projects related to compliance with global data protection laws.
• Facilitates incoming audits and assessments, coordinating discussions with appropriate owners and business stakeholders, and follows up on any remediation activities identified to meet associated due dates to ensure timely completion.
• Participates in the development of policies, standards, controls, procedures, and security audits and assessments.
• The scope of routine activities and tasks in this role will be in support of one or more functional areas, the department or division.
• Performs other duties as assigned

Benefits

• RGA also maintains a full range of health, retirement, and other employee benefits.