Cyber Risk Management Lead
Pierce Technology Corp
New York, New York
Job Details
Full-time
Full Job Description
- Assume management of the security risk management process.
- Lead a team focused on collaborating with business units and helping them identify their security-related risks.
- Ensure alignment of security policy, standards, and controls with the enterprise security risk management framework to produce scalability and flexibility.
- Work across the security teams, and collaboratively with business lines and functions, to assess security-related, business-impacting risks and their prioritization.
- Educate on and evangelize the cybersecurity risk management framework, allowing risk owners to execute on their commitments as owners.
- Identify risk owners and empower them with data for decision making, to help the execution of risk action plans and all open and pending risks.
- Document and champion methods of using risk for prioritization, assisting teams in leveraging risk in their own planning methodologies.
- Partner closely with other teams managing elements of risk across Ascot, including our Privacy teams.
- Measure cybersecurity risk, identifying and tracking key risk indicators, and publish as part of metrics dashboards.
- Fully integrate cybersecurity into third-party risk management, ensuring requirements are met by all types of our vendors and suppliers.
- Drive a culture of continuous risk management, where cybersecurity risk is both constantly measured and baked into decision-making frameworks.
- Integrate threat intelligence into risk management, ensuring our priorities are based on real world threats.
- Lead the cybersecurity metrics program, building ways to communicate the state of cybersecurity to all stakeholders, including the board of directors.
Requirements
- Minimum of 8+ years of experience in Cyber/IT Risk management.
- Property & Casualty insurance industry experience preferred.
- CRISC or equivalent certification required.
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels, ranging from senior leadership to technical specialists.
- Knowledge of current and upcoming methodologies and trends in the cybersecurity landscape.
- Project management skills to assist with the development and execution of strategic security roadmaps to strengthen and continuously improve information security of the business.
- Knowledge and understanding of the design and deployment of security capabilities in operational and manufacturing environments.
- Familiarity with existing and experimental cybersecurity philosophies and experience implementing leading-edge capabilities.
- Excellent leadership skills to direct the information security team and collaborate with other business teams.
- Knowledge of and experience with industry cybersecurity frameworks, such as NIST CSF, CIS, and ISO 27001.
- Regulatory compliance knowledge, including Lloyd’s cyber principles, PRA/FCA, NYS DFS Part 500, BMA Cyber Code of Conduct, GDPR and CCPA.