About the Client
Our client is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. They anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime.
About the Role
You will be part of the Third Party Cyber Risk Management security service team. The goal of this team is to identify and assess third parties with a high cyber risk exposure, to assess their compliance with security best-practice standards and specific internal requirements, and to ensure, in close coordination with the third parties, that risk mitigation activities are implemented.
You will cooperate with a specialized offshore assessment team and will build up an internal network of specialists and service recipients across the whole organization. You act as an enabler and coordinator between the stakeholders and the assessment team.
Your responsibilities will be assessments of third parties during due diligence / onboarding and throughout the period in which they provide services, in areas with special requirements, or in cases where assurance reports require a risk-based review.
You will gain insights into many companies and learn about different approaches to handling cyber risks.
This important role requires deep domain expertise, as you have to raise relevant concerns regarding a third party's control framework and express the related risks from a business point of view, in business terms.
You collaborate with the assessed third parties to develop an action plan to mitigate risks. For this role, you should be able to outline the identified risks, expectations and recommendations to third parties, explain how to improve the control environment, and follow up on observations through to resolution.
• 5+ years' experience in IT audit, IT risk management or cyber security management (CISA, CISM or a similar certification is a plus)
• Deep knowledge of information security at both a technical and a security management level
• Knowledge of the ISO 2700x / NIST SP 800-53 / ISAE 3000 / SOC 2 standards and reports
• Ability to describe IT-related risks and controls, place them in the business context, and communicate assessment results effectively at all levels of the organization
• Degree or qualification in a business IT-related subject area, or equivalent technical and business experience
• Good to excellent command of English
Nice to Have Skills