Senior Security Risk Management Specialist

You desire impactful work.

You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

Deliver RGA’s global security risk management services. Ensure risk management service requests are processed and completed within a defined response timeframe; improve processes to meet business agility and compliance obligations. Provide security risk management guidance to assist stakeholders. Participate in the development of policies, procedures, standards and controls. Bridge collaboration with various business and technology stakeholders.

• Conduct comprehensive security risk assessments of enterprise systems and processes, as well as provide recommendations for risk mitigation.
• Review, analyze, and provide recommendations for policy, standard, and baseline configuration deviations.
• Work with various RGA departments to assess risks associated with compliance requirements and provide guidance and advice for stakeholders to make decisions.
• Perform vendor security risk assessments to include inherent & residual risk identification, analysis, and mitigation, and additionally track risk remediation to completion.
• Stay current on security trends, threats, and best practices to continuously improve the organization's security posture.
• Conduct thorough threat modeling exercises to identify potential security vulnerabilities and risks.
• Serve as a project security advisor including risk analysis gate checks in the secure SDLC process.
• Help maintain a culture of security, privacy and controls within RGA global IT.
• Perform other duties as assigned.
• Excellent analytical, problem-solving, and critical-thinking skills.
  
  

EDUCATION:

Required: Bachelor’s degree or equivalent experience

Preferred: Master’s degree and/or LOMA certification

EXPERIENCE:

Required:

• 4+ years’ experience in information systems
• 3+ years IT security, privacy, audit, controls and regulatory compliance, or related experience
• Experience conducting risk assessments aligned with industry standard frameworks & standards.
• Intermediate understanding of IT domains: infrastructure, networking, storage, databases, operating systems, cloud, applications, etc.
• Strong understanding of security technologies and domains, including: SSO, IAM, DLP, EDR, SIEM, firewalls, gateways, IDS/IPS, CASB, antivirus, SSDLC, cryptography, PKI, etc.
• Ability to evaluate IT controls objectives and feasibility.
• Advanced oral and written communication skills, demonstrating the ability to convey business terminology that is meaningful and well received by the customer.
• Demonstrated knowledge of broad security and risk management related practices
• Ability to manage multiple projects simultaneously, including the ability to delegate areas of responsibility
• Ability to adapt to new methods, work under tight deadlines and stressful conditions
• Ability to work well within a team.
• Advanced ability to liaise with individuals across a wide variety of operational, functional and technical disciplines
• Advanced ability to translate business needs and problems into viable/accepted solutions
• Ability to resolve conflict and foster teamwork
  
  

Preferred:

• Insurance industry knowledge
• Information security, compliance, risk or audit professional certifications, such as CISSP, CISA, CISM, CGEIT, CRISC, CPA, OSCP, CCSP, CCSK
  
  

Required:

TECHNICAL REQUIREMENTS:

• IT Control Frameworks including NIST CSF, NIST 800-53, ISO/IEC 27001, NIST 800-30, ISO/IEC 27005
• Knowledge of regulations including Sarbanes-Oxley, HIPAA, GLBA, GDPR
• Cloud assessment experience (AWS, Azure, Google Cloud, etc.)
  
  

Preferred:

• Knowledge of compliance certifications such as SOC2, PCI, etc.
• Cyber Risk Quantification (CRQ) experience (e.g., FAIR)
  
  

What You Can Expect From RGA:

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
• Join the bright and creative minds of RGA, and experience vast, endless career potential.
  
  

Compensation Range:

$84,860.00 - $128,110.00 Annual

Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.

RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.