Information Security & Cyber Manager

The Information Security & Cyber Manager, as part of the Enterprise Risk Management team, is the second line of defense for Cyber Security covering Munich Re’s Life and Health North America (LHNA) entities. The role supports the identification, prioritization, communication, and monitoring of cyber security risks in the Life and Health North America entities.

Key Accountabilities

• Support adoption of Munich Re’s Information Security Management (ISM) policies and guidelines, providing feedback to the VP ERM and Cluster ISO (Information Security Officer) on adaptions to the IS Strategy, ISM Policy, and Guidelines.
• Support / execute prioritized initiatives for Cyber Security covering Life and Health North America.
• Support local data protection initiatives such as data masking, unstructured data security, access management and access reduction, Data Leakage Prevention alert investigations, etc.
• Cyber risk dashboard coordination, update, and reporting to key stakeholders.
• Execution of ad hoc cyber risk assessments.
• Support client security requests.
• Support with data flow discovery and data residency.
• Support with project risk assessments.
• Local threat detection and industry data breach tracking.
• Proactive participation in risk and security forums and other relevant industry communities.
• Monitor cyber security and regulatory landscape.
• Support compliance with regulatory requirements and regulatory audits.
• Support Third Party Risk Management activities.
• Align security strategies with business objectives.
• Communicate, enforce, and update local and global Cyber Risk policies and guidelines.
• Participate in security audits and support gap remediation.
• Assist in cyber threat scenario creation and conduct incident response tabletop exercises.
• Support the creation and delivery of security awareness and training programs.
• Review contracts for confidentiality and data protection language.
• Assist in cyber risk process improvements and automation.
• Engage with internal and external stakeholders involved in information security, including BCM, Operational Risk, Third-Party Management, and Internal Audit.

Qualifications

• Bachelor's degree in information systems, computer science, or a relevant field; IT Security Management certification is a plus.
• 5+ years of relevant industry experience in implementing cyber risk processes and frameworks.
• Relevant security designations such as CRISC, CISM, CEH, CISA are beneficial.
• Experience in security risk and compliance management.
• Practical experience with client interactions and contract reviews.
• Experience supporting the remediation of information security gaps.
• Knowledge of regulatory compliance and data privacy laws (GDPR, PIPEDA, etc.).
• Knowledge of internationally recognized security standards and frameworks (ISO/IEC 27000 series, NIST CSF).

J-18808-Ljbffr