Information Security & Cyber Manager

Munich Re, Old Toronto, ON, Canada
30+ days ago
Job description

The Information Security & Cyber Manager, as part of the Enterprise Risk Management team, is the second line of defense for Cyber Security covering Munich Re’s Life and Health North America (LHNA) entities. The role supports the identification, prioritization, communication, and monitoring of cyber security risks in the Life and Health North America entities.

Key Accountabilities

  • Support adoption of Munich Re’s Information Security Management (ISM) policies and guidelines, providing feedback to the VP ERM and Cluster ISO (Information Security Officer) on adaptions to the IS Strategy, ISM Policy and Guidelines.
  • Support / execute prioritized initiatives for Cyber Security covering Life and Health North America.
  • Support local data protection initiatives such as data masking, unstructured data security, access management and access reduction, Data Leakage Prevention alert investigations, etc.
  • Cyber risk dashboard coordination, update and reporting to key stakeholders.
  • Execution of ad hoc cyber risk assessments.
  • Support client security requests.
  • Support with data flow discovery and data residency.
  • Support with project risk assessments.
  • Local threat detection and industry data breach tracking.
  • Proactive participation in risk and security forums and other relevant industry communities.
  • Monitor cyber security and regulatory landscape.
  • Support compliance with regulatory requirements and regulatory audits.
  • Support Third Party Risk Management activities.
  • Alignment between security and business strategy.
  • Communication, enforcement, and update of local and Global Cyber Risk policies and guidelines.
  • Participation in security audits and support gap remediation.
  • Support cyber threat scenario creation and participation in incident response tabletop exercises.
  • Support creation and execution of security awareness and training programs.
  • Support contract reviews for confidentiality and data protection language.
  • Support cyber risk process improvements and process automation.
  • Continual interaction with other relevant internal and external stakeholders, from 2nd line of defense, that have an interface to information security, such as BCM (Business Continuity Management), Operational Risk, Third-Party Management Function, and Internal Audit.

Qualifications

  • Bachelor's degree in information systems, computer science, or a relevant field; IT Security Management certificate would be an asset.
  • 5+ years relevant industry experience in implementing cyber risk processes and frameworks.
  • Other information security designations such as CRISC, CISM, CEH, CISA would be beneficial.
  • Demonstrated experience in security risk and compliance management.
  • Practical experience in client contacts and contract review.
  • Demonstrated experience in supporting the remediation of information security gaps.
  • Sound knowledge of regulatory compliance and data privacy requirements (GDPR, PIPEDA (Personal Information Protection and Electronic Documents Act), etc.).
  • Sound knowledge of internationally recognized information security standards and frameworks (ISO/IEC 27000 family, NIST CSF).