The Assurant Global Risk Management team is seeking a Technology Risk & Resilience Manager. Your primary responsibilities include providing expert advice, credible challenge, and effective oversight of technology, information & cyber security, operations, data, and systems to identify, assess, control, and manage technology risk throughout the company on a global scale. The role will develop and execute appropriate systems of risk management & controls in relation to Technology Risk & Technology Resilience.

You will help ensure that the company’s risk-taking entities are aware of the risks inherent in their activities and decisions, the impact of their actions on the company at an enterprise level, and opportunities to reduce, mitigate, and monitor technology & cyber security risks. This is a remote opportunity.

What will be my duties and responsibilities in this job?

Leads and Drives Delivery of Technology Risk Programs:

• Establishing the technology risk framework, corresponding standards, and risk assessment protocols for the second line of defense risk team.

• Lead independent assurance activities to assess & monitor programs across the Assurant technology environment, ensuring that risks remain within tolerance levels.

• Periodically conduct Technology Risk Assessments to identify risks, potential threats, and vulnerabilities and incorporate them into the enterprise-wide integrated risk management approach.

• Identify, propose, and drive risk reduction opportunities.

• Assess and enhance the enterprise cybersecurity and technology capability maturity through the identification, development, and innovation of risk assessment techniques.

• Provide independent expertise during capability maturity reviews, preparing independent assessments of maturity levels, and develop enterprise-level risk reports and intelligence for senior management.

• Assesses technology and/or cyber risks associated with new initiatives (including programs, engagements, and vendors) being proposed for implementation.

• Manage Technology Risk Events, ensuring that remediation activities mitigate the risk exposure, and technology issues are appropriately actioned.

• Document process and key controls, highlighting risks and issues in addition to identifying improvements to technology processes and rules.

• Create, manage, and monitor technology controls within the GRC system.

Technology Control Oversight & Monitoring:

• Advise the first line of defense technology teams in the design and implementation of IT general controls (ITGCs) and cybersecurity controls.

• Monitor and report on control design and operating effectiveness through the Assurant GRC tool, Service Now

• Track the status of internal and external technology audit findings.

• Establish, monitor, and report on technology KRIs.

• Provides subject matter expertise and consulting to internal and external customers to help them achieve business objectives.

Technology Resilience:

• Assist in the development and maintenance of the Global Operational Resilience framework.

• Identify important business services, assets, and technology solutions that if disrupted could cause harm to consumers or market integrity, threaten the viability of the firm, or cause instability in the financial system. Ensure the application mapping can also be utilized for business resilience testing.

• Identify and report on risk indicators in respect of technology resilience.

• Proactively identify and track gaps in technology resilience plans, and effectively communicate resilience risks and compliance issues to senior management.

• Document a comprehensive view of the company’s technology resilience maturity, informing and driving action on improvement priorities by presenting reports to BU management, including MCOM executives, summarizing trends identified, actions taken, and results defined by key metrics to enable decision-making at the executive level.

• Assesses the recovery environment requirements and continuity plans if people, facilities, or resources are unavailable.

• Augment the Operational Resilience approach by reviewing Root Cause Analysis for technology incidents that have taken place, updating the risk event, assessment, and control environment with the results of the review.

As part of risk management (2nd line of defense) this role will collaborate closely with associates in Information Technology, Information Security, Cyber Security, Vendor Management, Compliance, Internal Audit, Business Segments, and other Risk Management offices to perform and support evaluations of the firm’s cyber capability maturity levels while offering independent advice and recommendations regarding ways to further mature Assurant’s technology risk & resilience capabilities.

What are the requirements needed for this position?

• Bachelor’s degree or equivalent work experience

• A minimum of 7 years of experience in Technology Risk Management with a solid knowledge of Operational Resilience, Operational Risk, or technology control-related background within the Banking or financial services industries

• Subject matter expert in one or more industry-standard risk management frameworks (examples include ISO27001 or COBIT)

• Excellent technical, interpersonal, and analytic skills.

• Outstanding communication, attention to detail, time management, organizational, multi-tasking, and problem-solving skills

• Ability to communicate clearly and interact effectively at all levels of the organization

• Experience with Agile methodology

• Execution oriented and a self-motivator

• Strong analytical, problem-solving solving, and delivery capabilities

• Manage multiple projects while maintaining superior results

• Ability to work in a dynamic environment, juggling concurrent tasks, and meeting daily deadlines, while maintaining superior results

• Work cross-functionally, individually, and lead work amongst a team

• Experience leading and managing multiple complex projects or transformation programs

• Strong facilitation and virtual team management skills, including with vendors and clients

• Ability to ask the “right” questions without having extensive knowledge in a particular business area

What other skills/experience would be helpful to have?

• Risk Management Professional Certifications (ISACA or COSO knowledge desired)

• Experience with Service Now’s GRC capabilities, Process Mapping, Fusion, Power BI & Tableau is a plus

• Knowledge of SOX, SOC 1&2, ITGC, PCI, ISO 27001 / 22301 is desired

• Experience working in a European Financial Services regulatory business (e.g. PRA / DNB) is a plus

• Familiar with customer processes and customer journeys

• Proficient in Sales, bid management, and process management

• Vendor / Third-Party Risk Management Experience

• Risk Scenario Program & Testing Experience

• Agile Product Management

How much should I expect to travel?

Travel may vary depending on location <10%

#LI-Remote

#AssurantProudSD