Job Description

The 'Information Technology Security Office' focuses on providing information and cyber security leadership through the ITSO role to defined offices and/or departments throughout the Munich Re organisation.The IT Security Officer is responsible for information security management in a number of defined offices and/or departments, which may or may not fall into the same geographic environment. An opportunity exists to support the development and implementation of Technology Controls and Information Security related policies, programs and tools. You will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect Munich Re. You may also participate on projects and provide complex reporting, analysis and assessments at the functional, business line or enterprise level.Your job Develop and maintain in depth understanding of Business Unit / processes, systems, technologies, data, customers, consumers, partners Act as the primary local security contact / adviser for the SVP/General Manager and their IT, Architecture, Operations, HR, Finance, Legal and other local personnel Support the implementation of the Information Security Management System across the assigned Business Unit(s) Proactively identify nonconformity and areas of potential improvement and facilitate development of pragmatic solutions to address issues, utilizing the security assessments and observations processes Engage with clients and customers as needed to assist the business to achieve its objectives with pre and post sales activities (e.g. explain our security program, support external audits, support bids/RFP process, assist in customer communication of security incident, etc.) Participate in BU related conferences, client facing engagement, industry forums to represent the Security program Work with Incident Response and Crisis Management teams to effectively manage incidents to an acceptable resolution; assist with investigations as needed Contribute to the definition, development, and oversight of a global security management strategy and framework. Ensure technology, processes, and governance are in place to monitor, detect, prevent, and react to both current and emerging technology and security threats against the business. Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines. Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement. Adhere to, advise, oversee, monitor and enforce frameworks and methodologies that relate to technology controls / information security activities. Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise Initiate training where necessary and contribute to planning and execution of awareness activities. Ensure efficient flow of relevant information to the Global Head of ITSO and other stakeholders.Your profile Technical degree (preferably in IT) or an IT expert with outstanding knowledge of IT infrastructure and an experience of 6 - 8 years in security A solid understanding of security best practices and international standards such as ISO2700, NIST and PCI DSS Security Training and Awareness, Security Governance, and Security Incident Management knowledge & experience Knowledge and experience of Information Security Risk and Security governance and Basic knowledge of laws applicable in offices in the area of responsibility. Information Security Certification / Accreditation an asset. Expert knowledge of IT security and risk disciplines and practices. Advanced knowledge of organization, technology controls, security and risk issues. Demonstrated ability to participate in complex, comprehensive or large projects and initiatives. Customer orientation, strong negotiating and problem solving skills. Willingness to travel. Initiative, creativity and an open mind for innovation. Strong planning, organisational and presentation skills. Highly result oriented and structured. Very good command of business English, both spoken and written.
Not Specified