Risk Manager / Information Security Risk Manager

ERGO INSURANCE PTE. LTD.

Singapore

On-site

SGD 80,000 - 120,000

Full time

Yesterday
Job summary

A leading insurance company based in Singapore is looking for a Risk Manager / Information Security Risk Manager to implement their Information Security Risk Management framework. The ideal candidate will have over 7 years of relevant experience, including roles such as Technology Risk Manager and IT Auditor. Responsibilities include conducting security risk assessments, preparing updates to management, and implementing Business Continuity Management strategies. Industry qualifications like CRISC or CISSP are a plus.

Qualifications

  • 7+ years of experience in technology risk management and information security.
  • Strong analytical skills and ability to work with various stakeholders.
  • Knowledge of information security regulations in Singapore.

Responsibilities

  • Implement ERGO Group Information Security Risk Management framework.
  • Conduct gap analysis with regulatory requirements.
  • Provide guidance on security protections and assessment.
  • Prepare updates on information security risks to management.
  • Assist in the implementation of Business Continuity Management frameworks.

Skills

Degree in Business Administration, Finance, Computer Science or equivalent
7+ years of relevant work experience
Industry qualifications such as CRISC, CISSP, CISA, COBIT, ITIL
Familiarity with MAS TRM Guidelines
Experience working with multiple stakeholders

Education

Degree in Business Administration, Finance, Computer Science or equivalent

Tools

CRISC
CISSP
CISA
COBIT
ITIL

Job description

We are seeking highly motivated individuals with professional experience to join our team as Risk Manager / Information Security Risk Manager, Risk Management.

ERGO Insurance Pte. Ltd. is a registered general insurer regulated by the Monetary Authority of Singapore. We are a wholly owned Singapore subsidiary of ERGO Group AG, one of the major insurance groups in Germany and Europe, and we are the primary insurance arm of Munich Re, one of the leading reinsurers and risk carriers worldwide.

www.ergo.com.sg

There are countless good reasons to pick ERGO as an Employer.

No matter where you are in your career, we offer various development opportunities in all departments at all levels.

You’ll experience a fair and open-minded culture where every employee is trusted and valued.

We support you on your career path. Professional development is a central part of our philosophy: we give all our staff the opportunity to develop, both personally and professionally.

If you have a strong passion to succeed and aspire to join a company that can offer you an interesting and diverse career, we look forward to meeting you!

REQUIREMENTS

To be successful in this role, you will possess the following experience, knowledge and skills:

  • Degree in Business Administration, Finance, Computer Science or equivalent
  • 7+ years of relevant work experience in roles such as Technology Risk Manager, Information Security Officer, Enterprise Risk Manager, IT Auditor, Hybrid Auditor (IT and general) and Big 4 auditors.
  • Industry qualifications such as CRISC, CISSP, CISA, COBIT, ITIL would be an advantage
  • Familiarity with the applicable information security regulations in Singapore, e.g., MAS TRM Guidelines, would be an advantage
  • Experience in working with a multitude of stakeholders and teams

JOB DESCRIPTIONS:

Information Security Risk Management (50%)
  • Work with stakeholders to implement ERGO Group Information Security Risk Management framework
  • Conduct gap analysis with Group framework or local regulatory requirements and work with the first line to close the gaps
  • Support the identification, assessment, and prioritization of information security threats and work with relevant stakeholders to improve controls
  • Conduct security risk assessments and provide guidance to asset owners in terms of protection needs analysis and liaison with IT to ensure that these protections are implemented
  • Prepare regular updates to management and the Segment / Group’s CISO on information security risks, mitigation actions, progress of security measures implementation, key information security incidents, and risk assessments
  • Assess and challenge the first-line-of-defence's measures and activities and participate in first-line projects as necessary to provide second-line-of-defence oversight
  • Work with the first line to co-ordinate and support internal and external information security-related audits
  • Be the designated Information Security Risk Manager of the company.

Management of Other Risks (50%)

  • Assist CRO to implement an effective Business Continuity Management (BCM) framework for the Company, including (but not limited to) the following:
      • BCM – Establish and co-ordinate with stakeholders to update the Company’s key BCM documents, e.g. the Business Impact Analysis, Business Continuity Plan (BCP) and Emergency Management Plan
      • BCM – Assist in the development and execution of BCP tests, exercises, remediation of gaps, and attestations
      • BCM – Carry out / organize BCM training for relevant stakeholders
  • Be part of the Risk Management function and work with the Chief Risk Officer on other risk topics as required such as Third Party Risk Management and Operational Risk Control System.