Cyber Governance Manager
Why Tokio Marine HCC?
Standing still is not an option in the current world of Insurance. TMHCC are one of the world’s leading Speciality Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, and so is a desire to grow and provide creative and innovative solutions to our clients. We have doubled our gross written premiums in the past 3 years and our plan is to do so again in the next 3 years. To support this desire, we need to be forward-thinking and innovative in every respect. That means continually improving our customer-focused business, it means providing systems, solutions and technology to enable seamless growth and business innovation, and it means having the best people capability to apply to these challenges.
Part of our evolution involves growing our team and bringing in a range of views, perspectives and backgrounds that will allow us to deliver this forward-looking culture, one that relies upon open and trusting relationships and a shared vision for that continual improvement. We aspire to build an environment where new perspectives are encouraged, where resilience, fresh ideas and different opinions are valued.
About the Opportunity
TMHCC is in the midst of an exciting IT transformation and is in the process of recruiting and developing a broad range of suitably qualified, skilled and experienced people. Reporting into the Business Information Security Officer (BISO) for TMHCC International, the Cyber Governance Analyst is part of a new function established within the CIO organisation of the International division at TMHCC. You'll join the IT team as someone who is passionate about Cyber Risk, Compliance and Assurance with an adaptable and flexible personality, and excellent stakeholder management skills.
Under the guidance of the BISO, you will work closely with TMHCC International IT leadership, the Enterprise Security team and second line risk functions to develop cyber risk, reporting and cyber governance processes, coordinating security assurance to ensure adequacy and effectiveness of security controls. You will be experienced in good practice cyber risk and control frameworks. You will be responsible for managing the cyber risk register, pulling together metrics from key stakeholders and enabling us to demonstrate the impact of investment on residual risk reduction.
Key to your role will also be maintaining oversight of third party cyber risk management processes and reporting.
- Ensure in-depth knowledge and understanding of Cyber Risk Management practices as you collate, manage and coordinate reporting of cyber risk posture
- Establish and maintain strong relationships with stakeholders in IT teams, Enterprise Security and Enterprise Risk Management
- Track cyber delivery performance metrics against the agreed SLAs
- Collaborate with Enterprise Security teams, as you monitor and understand impacting risks, compliance needs and regulatory requirements.
- Coordinate review of existing issues and actions, to ensure they are being managed in line with the Risk Management Strategy and Standards
- Coordinate with the IT stakeholders to ensure all cyber policy exceptions/risk acceptances are managed in accordance with Enterprise security exceptions processes.
- Critically evaluate information gathered from multiple sources, reconcile conflicts, decompose high-level information into details, abstract up from low-level information to create a clear understanding of cyber risks
- Support the BISO in providing input to the Divisional IT Risk Reporting and Dashboard
- Escalate significant cyber risks and issues as they emerge, to the BISO for action or information
- Support third party cyber due diligence processes, providing support to procurement teams, to manage cyber risk related to third party suppliers.
Skills and Requirements:
- 5-7 years of experience in Cyber Governance and Assurance, implementing cyber governance frameworks
- Working knowledge of risk and compliance assurance and monitoring practices, and a good understanding of risk and compliance issues
- An ability to handle day-to-day risk management such as weekly meetings, recording and oversight and facilitate small workshops as required
- Strong knowledge of cyber processes and working within an IT team
- Understanding of the audit process, having worked with Audit (internal & external) in the past
- Knowledge of good practice security risk and control frameworks (NIST Cybersecurity Framework; CIS; ISO 27001)
- Experience working in a regulated environment with a good understanding of key UK regulations impacting cyber security (e.g. GDPR; Operational Resilience)
- Excellent verbal, written communication, and presentation skills, being able to explain complex items in a simple yet articulate manner
- Excellent stakeholder management skills
- Confidence in presenting information and acting as a source of knowledge and guidance
- Analytical, conceptual thinking, planning and execution skills
- Ability to drive improvements and take charge of initiatives, backed with excellent coordination strength as well as assertiveness
- Result orientated
- A desire to champion a cyber security culture
- Experience of the Specialty and Lloyd’s/Companies market insurance industry.
- Relevant industry qualifications preferable (CISSP, CISSM, CRISC, CISA)
- Relevant degree or similar qualification (e.g., BSc Information Technology or Business or other related fields of study)