Information Security Risk Manager

The Information Security Risk Manager (ISRM), as part of the Enterprise Risk Management team is the second line of defense for Cyber Security covering Munich Re’s Life and Health North America (LHNA) entities. The ISRM supports the identification, prioritization, communication, and monitoring of cyber security risks in the Life and Health North America entities.

Key Accountabilities

• Interim LHNA Cluster Information Security Officer
• Support adoption of Munich Re’s Information Security Management (ISM) policies and guidelines, providing feedback to the VP ERM and Cluster ISO (Information Security Officer) on adaptions to the IS Strategy, ISM Policy and Guidelines
• Support / execute prioritized initiatives for Cyber Security covering Life and Health North America
• Support local data protection initiatives such as data masking, unstructured data security, access management and access reduction, Data leakage Prevention alert investigations, etc.
• Cyber risk dashboard coordination,update and reporting to key stakeholders
• Execution of ad hoc cyber risk assessments
• Support client security requests
• Support with data flow discovery and data residency
• Support with project risk assessments
• Local threat detection and industry data breach tracking
• Proactive participation in risk and security forums and other relevant industry communities
• Monitor cyber security and regulatory landscape
• Supports compliance with regulatory requirements and regulatory audits
• Support Third Party Risk Management activities
• Alignment between security and business strategy
• Communication, enforcement and update of local and Global Cyber Risk policies and guidelines
• Participation in security audits and support gap remediation
• Support cyber threat scenario creation and participation in incident response tabletop exercises
• Support creation and execution of security awareness and training programs
• Support contract reviews for confidentiality and data protection language
• Support cyber risk process improvements and process automation
• Continual interaction with other relevant internal and external stakeholders, from 2nd line of defense, that have an interface to information security, such as BCM (Business Continuity Management), Operational Risk and Third-Party Management Function and Internal Audit.

Qualifications

• Bachelor's degree in information systems, computer science or a relevant field,IT Security Management certificate would be an asset
• 5+ years relevant industry experience in implementing cyber risk processes and frameworks
• Other information security designations such as CRISC, CISM, CEH, CISA would be beneficial
• Demonstrated experience in security risk and compliance management
• Practical experience in client contacts and contract review
• Demonstrated experience in supporting the remediation of information security gaps
• Sound knowledge of regulatory compliance and data privacy requirements (GDPR, PIPEDA (Personal Information Protection and Electronic Documents Act), etc.)
• Sound knowledge of internationally recognized information security standards and frameworks (ISO / IEC 27000 family, NIST CSF)

What Can We Offer You?

We are pleased to offer our employees great benefits and resources to support their mental, physical and financial wellbeing. These include :

• An engaging and collaborative environment that promotes continuous learning and development
• A hybrid work environment that combines weekly in-office and remote days with Meeting-Free lunch hours and Focus Friday afternoons
• A great compensation package including annual company bonus
• Market leading company-paid flexible health and dental benefits, starting on your first day
• Flexible dollars provided by the company to put towards Health Spending Account and / or Wellness Spending Account
• Immediate participation in DC Pension Plan with an automatic 5% employer contribution, plus optional company match
• Generous time off including vacation, personal days, unplanned time, Statutory Holidays and company-wide early closure half-days
• Learning and development programs and resources, including unlimited access to LinkedIn Learning, Education Assistance Program and reimbursement for professional fees
• Maternity, Parental & Adoption Leave top-up program
• Employee Referral Program, Recognition & Rewards Platform

Together, we engage with everything we have and are, to help humankind act braver and better.

As the world’s leading reinsurance company with more than 40,000 employees in over 50 locations around the globe, Munich Re introduces a paradigm shift in the way you think about insurance. By turning uncertainty into manageable risk, we enable fundamental change. We recognize Diversity, Inclusion, and Belonging as a key priority with a culture that welcomes different thoughts and opinions. We dare to think big and are continuously innovating on behalf of our clients.

Our data, our technology, and our teams place us in a unique position to drive transformative change in the life insurance industry. We invest strategically in our world class talent, offering our employees a work experience that promotes professional development, innovation, and rewards high performance.

Please note that only candidates who are selected for interview will be contacted directly. We thank all candidates for their interest.

Munich Re is committed to providing a work environment that is inclusive and free of employment barriers and discrimination. Accommodations will be made for qualified applicants with a disability throughout the recruitment process. If you receive a request for an interview and you have a disability which will require an accommodation to support your participation, please contact as soon as practical so that suitable accommodations can be arranged.

Manager Information Security • Canada (Life), Toronto