Technology Risk Officer

Title: Technology Risk Officer Company: Everest Global Services, Inc. Job Category: Technology Job Description: About Everest: It’s an exciting time for Everest Re Group, Ltd. (“Everest”)! As we continue on our journey, we see significant opportunity ahead of us to expand our reach, build diversity, and enhance our capabilities in critical markets. Everest is a leading global reinsurance and insurance provider, operating for nearly 50 years through subsidiaries in the Europe, Bermuda, Canada, Singapore, US, and other territories. Our strengths include extensive product and distribution capabilities, a strong balance sheet, and an innovative culture. Throughout our history, Everest has maintained its discipline and focuses on creating long-term value through underwriting excellence and strong risk and capital management. But the most critical asset in this organization is our people. Everest is a growth company with $14 Billion of Gross Written Premium offering Property, Casualty and specialty products among others, through its various operating subsidiaries located in key markets around the world. Everest has been a global leader in reinsurance with a broad footprint, deep client relationships, underwriting excellence, responsive service and customized solutions. Our insurance arm draws upon impressive global resources and financial strength to tailor each policy to meet the individual needs of our customers. About the role: We are looking for a Senior Cyber Security and Technology Risk Leader to assume responsibility for information and cyber security across our Global Infrastructure Services (GIS) technology footprint. This is a hands-on role working closely with the Infrastructure teams, Information Security, CISO, IT Senior Leadership Team, Audit, Risk, and governing Regulatory authorities. This role is responsible for ensuring the appropriate Infrastructure controls are in place and effective, well documented, tested on a regular basis, expanded to cover emerging threats, continually improved and automated to the fullest extent possible. Top candidates will be comfortable working with a wide range of Infrastructure technologies leveraged by Everest including the Cloud (i.e., IaaS, PaaS) and 3rd party SaaS solutions. The individual must be effective working with all stakeholders and effectively communicating with senior management. This role will report into the Deputy Chief Information Security Officer within the Cyber Security and Technology Risk group. The job entails: Assist in defining and executing the information and cyber security strategy for the Global Infrastructure Services organization in-line with the broader Everest strategy, standards, and policy Setting of policy and procedures defining the Information Security standards best practices Overseeing day-to-day governance of cyber security, IT Risk, and IT Compliance and Audit efforts Facilitating internal audit and external/regulatory risk assessments Devising processes and controls to support expanding business needs for access to infrastructure, systems, applications, data, and tools Orchestrating compliance of the organization to GDPR and other security, privacy, and operational risk regulations with respect to Infrastructure systems and processes Ensuring compliance of the organization to its certified standards Driving alignment of our infrastructure Cloud strategy and approaches to meet security needs Facilitating assessment of risks and security activities/metrics to ensure standards are met and improved Addressing identified risks and issues: creating and tracking remediation activities Support the development of the Disaster Recovery and Business Continuity plans for the Global Infrastructure Services organization Role Responsibilities: Driving the facilitation, monitoring, and assessment activities on a risk-basis for GIS. Define, measure, and report on technology related risks Identify improvements of principles, policies, and governance processes, as well as maintain minimum control standards, guidelines, and key operating procedures to enable identification, management, reporting and mitigation of risks related to information technology Provide constructive review and challenge on the implementation and operation of 1st Line Controls, risk and control assessment results and control initiatives specifically relating to information technology Provide risk management guidance/advice to the 1st line on the management of risks, controls and compliance relating to information technology Define operational process models to enable the implementations of control automation frameworks Assist with the implementation of process changes, and ad-hoc control reviews to ensure the control environment remains strong as systems and processes evolve Lead assessment working-groups as necessary to understand and evaluate changes in the risk environment. Perform deep dives and reviews in high-risk areas of GIS to determine compliance with IT controls and review and provide recommendation of remediation activities Assist in vendor risk management initiatives as necessary that assess and monitor risks used to determine their overall information risk profile and health of GIS third-party vendors Support Information Security Awareness training to staff and contractors Oversee the coordination for all compliance, internal/external audit, and information security inquiries and engagements associated with GIS Design and implement Risk Management & Compliance analytics, metrics, dashboards, and reporting (data analytics) solution Senior Cyber Security and Technology Risk Office Requirements: A degree in computer science, IT, systems engineering, or related qualification Minimum of 10 years of similar work experience within a Global Infrastructure organization Minimum of 5 years’ experience working in the financial services / insurance industry Disaster Recovery and Business Continuity planning and control oversight Expertise in key regulations (i.e., GDPR) and dialoging with regulatory agencies Experience with Firewalls (functionality and maintenance), Office 365 Security, Secure Development, and Endpoint Security. Expertise with Cloud based tools such as: O365, internet and network monitoring tools Ability to work under pressure in a fast-paced environment. Great awareness of cybersecurity trends and hacking techniques Ability to evaluate risk and communicate it in a fact-based manner. Excellent conceptual, organizational, analytical, and problem-solving skills required. High level of attention to detail and accuracy required. Ability to communicate clearly and concisely (both written and verbal, presentation and interpersonal skills) required. Ability to effectively partner with and influence all stakeholders CISSP or other Information Security certification required Our Culture At Everest, our purpose is to provide the world with protection. We help clients and businesses thrive, fuel global economies, and create sustainable value for our colleagues, shareholders and the communities that we serve. We also pride ourselves on having a unique and inclusive culture which is driven by a unified set of values and behaviors. Click here to learn more about our culture. Our Values are the guiding principles that inform our decisions, actions and behaviors. They are an expression of our culture and an integral part of how we work: Talent. Thoughtful assumption of risk. Execution. Efficiency. Humility. Leadership. Collaboration. Diversity, Equity and Inclusion. Our Colleague Behaviors define how we operate and interact with each other no matter our location, level or function: Respect everyone. Pursue better. Lead by example. Own our outcomes. Win together. All colleagues are held accountable to upholding and supporting our values and behaviors across the company. This includes day to day interactions with fellow colleagues, and the global communities we serve. #LI-DP1 #LI-Hybrid Type: Regular Time Type: Full time Primary Location: Warren, NJ Additional Locations: Everest is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex (including pregnancy), sexual orientation, gender identity or expression, national origin or ancestry, citizenship, genetics, physical or mental disability, age, marital status, civil union status, family or parental status, veteran status, or any other characteristic protected by law. As part of this commitment, Everest will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact Everest Benefits at everestbenefits@everestglobal.com. Everest U.S. Privacy Notice | Everest (everestglobal.com) EVEREST is a leading international reinsurance and insurance group with an extensive distribution network that spans five continents. With roots dating back to 1973, Everest has developed a global footprint and deep client relationships that are largely unmatched by its peers. The Company’s principal business strategies seek to leverage its strengths to optimize returns over the underwriting cycle, thereby creating value for its shareholders and business partners.