We are seeking highly motivated individuals with professional experience to join our team as Risk Manager / Information Security Risk Manager, Risk Management.
ERGO Insurance Pte. Ltd. is a registered general insurer regulated by the Monetary Authority of Singapore. We are a wholly owned Singapore subsidiary of ERGO Group AG, one of the major insurance groups in Germany and Europe, and we are the primary insurance arm of Munich Re, one of the leading reinsurers and risk carriers worldwide.
www.ergo.com.sg
There are countless good reasons to pick ERGO as an employer.
No matter where you are in your career, we offer various development opportunities in all departments at all levels.
You’ll experience a fair and open-minded culture where every employee is trusted and valued.
We support you on your career path. Professional development is a central part of our philosophy: we give all our staff the opportunity to develop, both personally and professionally.
If you have a strong passion to succeed and aspire to join a company that can offer you an interesting and diverse career, we look forward to meeting you!
Requirements:
To be successful in this role, you will possess the following experience, knowledge and skills:
- Degree in Information Security, Computer Science or IT preferred
- 5+ years of relevant work experience (Information Security Officer, IT Auditor etc.)
- Industry qualifications such as CRISC, CISSP, CISA, COBIT, ITIL would be an advantage
- Familiarity with the applicable information security regulations in Singapore, e.g., MAS TRM Guidelines, would be an advantage
- Experience in working with a multitude of stakeholders and teams
Job description
Information Security Risk Management (50%)
- Work with stakeholders to implement the ERGO Group Information Security frameworks for the Company, including all related policies and guidelines. There will be guidance from ERGO Group’s Information Security team.
- Conduct gap analysis with Group framework or Singapore regulatory requirements and work with the first line to close the gaps.
- Support the identification, assessment, and prioritization of information security threats and work with relevant stakeholders to improve controls.
- Conduct/review security risk assessments and provide guidance to asset owners in terms of protection needs analysis and liaison with IT to ensure that these protections are implemented.
- Prepare regular updates to management and the Segment / Group’s CISO on information security risks, mitigation actions, progress of security measures implementation, key information security incidents, and risk assessments.
- Assess and challenge the first line of defence’s measures and activities and participate in first-line projects as necessary to provide second-line-of-defence oversight.
- Work with the first line of defence to co-ordinate and support internal and external information security-related audits.
- Be the designated Information Security Risk Manager of the company.
Management of Other Risks (50%)
Assist the Chief Risk Officer (CRO) in implementing an effective Business Continuity Management (BCM) framework for the Company, including (but not limited to) the following:
- BCM - Establish and co-ordinate with stakeholders to update the Company’s key BCM documents, e.g. the Business Impact Analysis, Business Continuity Plan (BCP) and Emergency Management Plan
- BCM - Assist in the development and execution of BCP tests, exercises, remediation of gaps, and attestations
- BCM - Carry out / organize BCM training for relevant stakeholders
- Be part of the Risk Management function and work with the Chief Risk Officer on other risk topics as required, such as Third Party Risk Management and the Operational Risk Control System.
Contact: career at ergo.com.sg