
Director, Cybersecurity Due Diligence & Assessments
Reinsurance Group Of America, Incorporated, Chesterfield, MO, United States
You desire impactful work.
You’re RGA ready
RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 200 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.
Works as a part of the Global Security Office (GSO) to lead and influence initiatives pertaining to security governance, security risk management reporting, and cybersecurity risk assessments. This role requires excellent people, communication and soft skills to maintain strong global business relationships while promoting GSO services and engagement. This role is responsible for continuously driving team innovation and improvements in all aspects of services being provided by the GSO.
Responsibilities
Manages a team to ensure timely and effective risk management reporting, maintains the security risk register, and escalates newly identified risks in alignment with established risk thresholds, appetite, and rating methodologies.
Oversees process to evaluate the security risks associated with vendors and suppliers.
Facilitates cross‑functional review of findings and determines a proper risk‑based outcome and resource availability for management response of remediation activities and timelines.
Adheres to risk management framework and adoption of improvements supporting continuous program maturity.
Oversees technical security assessments and other control validation activities, ensuring results are accurately interpreted, risk‑rated, and integrated into the security risk management process.
Manages, mentors, and directs activities of associates within the department and performs supervisory duties including but not limited to hiring, training, evaluating, and coaching of direct reports.
Leads the development and implementation of cyber security risk management initiatives and maintains technical security expertise to properly evaluate risks.
Participates in GSO's governance processes and process improvement workshops.
Education
Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience – Required.
Post‑graduate or professional qualification in related field – Preferred.
Experience, Skills, and Abilities
5+ Years progressive professional experience evaluating, delivering, and/or managing in a complex IT environment(s) – Required.
7+ Years professional experience including 7 years working in a complex, global corporation – Required.
Identifies and resolves technical, operational and organizational problems.
Advanced understanding of IT domains: infrastructure, networking, storage, databases, operating systems, cloud, applications, etc. – Required.
Advanced understanding of security technologies and domains, including: SSO, IAM, DLP, EDR, SIEM, firewalls, gateways, IDS/IPS, CASB, SSDLC, cryptography, PKI, etc. – Required.
Advanced understanding of security technologies, frameworks/standards (e.g., NIST CSF, NIST 800‑53, ISO/IEC 27001, NIST 800‑30, ISO/IEC 27005, etc.), and risk management methodologies. – Required.
Strong ability to make timely and effective decisions and produce results through strategic planning and the implementation and evaluation of programs and policies. – Required.
Strong project management skills. Demonstrates ability to evaluate project objectives and scope feasibility, gain understanding, schedule resources, and manage budget to plan. – Required.
Strong analytical, critical thinking and decision‑making skills and excellent written and verbal communication skills.
Manages a generally homogeneous team; adapts plans and priorities to meet service and/or operational changes. – Required.
Ability to quickly learn and understand the business of RGA. Previous experience as a Security Risk Analyst, Systems Administrator, IT Auditor, Developer, Security Engineer, Penetration Tester, Cloud Engineer. – Required.
What you can expect from RGA
Gain valuable knowledge from and experience with diverse, caring colleagues around the world.
Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.
Join the bright and creative minds of RGA, and experience vast, endless career potential.
Compensation Range: $126,710.00 - $188,840.00 Annual. Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long‑term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.
RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.