• Job Description

  Req#: R-100171

  As a member of the Enterprise Risk Management Team, you are at the core of keeping Assurant safeguarded from potential exposures and ensuring a resilient organization. You will assist the Risk Management Team with anticipating new and emerging risks through your deep knowledge and understanding of technology risk to solve challenges that impact our organization, clients, and customers. Our Risk Management culture encourages creative thought, effective challenges, and maintaining an elevated level of excellence.

  This role sits within our Operational Risk Team in Global Risk Management (GRM.) In this role, you will be responsible for providing expert advice and oversight for operations, data systems, technology, information security, and cyber security for groups within the first and second line of defense for the Enterprise.

  What will be my duties and responsibilities in this job?

  • Establishing the technology risk framework, corresponding standards, and risk assessment protocols

  • Periodically conduct Technology Risk Assessments to identify risks, potential threats, and vulnerabilities and incorporate theminto the enterprise-wide integrated risk management approach, including:

  • Review the Disaster Recovery test calendar to ensure compliance with annual testing of ESAM and Critical applications and identify and implement risk mitigation steps for untested applications.

  • Review Business Exercise Summaries and ensure gaps were documented and remediated within 90 days.

  • Document nonconformities and provide monthly reporting monthly to the IT Risk Committee to improve overall compliance.

  • Conduct quarterly reviews of the performance of the Disaster Recovery Standards, gather metrics, and report to risk leadership.

  • Assessing and enhancing the firm’s enterprise cybersecurity and technology capability maturity through the identification, development, and innovation of risk assessment techniques

  • Providing independent expertise during capability maturity reviews, preparing independent assessments of maturity levels, and developing enterprise-level risk reports and intelligence for senior management.

  • Assisting the development and maintenance of the Global Operational Resilience framework.

  • Documents a comprehensive view of the company’s technology resilience maturity, informing and driving action on improvement priorities by presenting reports to BU management, including MCOM executives, summarizing trends identified, actions taken, and results defined by key metrics to enable decision-making at the executive level.

  • Support and advise on standards and strategies to build a safe, secure, and resilient organization. Collaborates with cross-functional partners holding shared accountability for technology, safety, security, and resilience objectives to review roadmaps, key organizational threats, metrics, and compliance with established standards.

  • Participate in P1 Major Incident disruption events and provide risk leadership timely status, post-mortem analysis of events, and track key remediation actions through completion.

  • Provides support and guidance across technology & vendor solution implementations to standardize, centralize, and administer the plans, policies, and procedures, and establishes robust governance structures for strategic oversight. Manages KPIs to measure and report on the health of Assurant’s resilience program.

  • Assist in the establishment and execution of the Scenario Testing Program, with corresponding framework and methodology, that discovers, documents, and reports on Technology Resilience risks across the global Assurant enterprise. Utilize the Integrated Risk Management approach to address risk exposures and collaborate with business and risk teams to remediate gaps in a timely manner.

  • Creates, maintains, and reports on global impact data relevant to the strategic resilience objectives of each functional area of the business. Design, develop, implement, maintain, and evaluate business continuity and disaster recovery requirements related to operational resilience.

  • In partnership with the Business Resiliency Team:

  • Assesses the recovery environment requirements and continuity plans if people, facilities, or resources are unavailable. Advises on recovery standards and governs compliance of IT restoration capabilities for systems, applications, and data.

  • Partners with Business Unit (BU) leadership to develop and evaluate business and operational continuity across the enterprise, both prospectively and retroactively. Disseminates exercise results to BU management and delivers solutions for improvement of response rates. Escalates issues, removes barriers, and identifies root causes to deliver progress on action plans and improve enterprise metrics.

  • Guides operational change and informs and responds during critical incidents and business disruptions. Provides support, guidance, and thought leadership to enhance and strengthen Assurant’s operational resilience posture.

  • Manage Root Cause Analysis for incidents that have taken place to augment the Operational Resilience approach, updating the risk event, assessment, and control environment with the results of the review.

  • In coordination with the enterprise procurement group & global vendor management team, develops standards for evaluating vendor risk relative to business impact. Reviews business continuity plans and exercises for vendors to ensure compliance with risk standards. Advises on the vendor management relationship of disaster recovery services and facilities; studies and recommends outside services for use during a disaster situation.

  • Collaborate with other control functions (internal Audit and Global Compliance) to ensure adherence to industry standards and regulatory requirements.

  • Periodically present risk assessments, outlook, and mitigation efforts to Senior Leaders

  What are the requirements needed for this position?

  • Bachelor’s degree in computer science, Information Systems, or a related field

  • A minimum of 5 years of experience in tech & cyber governance, risk and controls

  • Knowledge of technology and cybersecurity risk management frameworks such as NIST, ISO, FFIEC, and Heightened Standards

  • Familiarity with laws and regulations related to tech & cyber including privacy and outsourcing.

  • Experience with modern technologies such as public and private cloud (AWS, GCP, Azure, etc.), containerization and orchestration (Kubernetes), & microservice architectures are a plus.

  • Experience in providing independent reviews and challenging the first line of defense technology, cybersecurity assessments, and controls.

  • Strong leadership and teaming skills

  • Demonstrated ability to manage and prioritize diverse elements of complex projects for people, tasks, communication, change, etc. to drive optimal outcomes and results- strong project management and multi-tasking skills

  • Demonstrated ability to act as a servant leader to ensure the success of product implementation and team effectiveness

  • Ability to ask the “right” questions without having extensive knowledge in a particular business area

  • Experience in Risk Management is a plus, particularly knowledge of Operational Resilience, Operational Risk, or control-related background within the Banking or financial services industries

  What other skills/experience would be helpful to have?

  • Prefer Risk Management Professional Certifications (ISACA or COSO knowledge desired)

  • Experience with the Service Now’s GRC capabilities, Process Mapping, Fusion, Power BI & Tableau is a plus

  • Knowledge of SOX, SOC 1&2, ITGC, PCI, ISO 27001 / 22301 is desired

  • Experience working in a European Financial Services regulatory business (e.g. PRA / DNB) is a plus

  • Familiar with customer processes and customer journeys

  • Proficient in Sales, bid management, and process management

  • Vendor / Third-Party Risk Management Experience

  • Risk Scenario Program & Testing Experience

  • Agile Product Management

  How much should I expect to travel?

  Travel may vary depending on location

  #LI-Remote

  #AssurantProudSD

  Pay Range:

  $97,100.00 - $161,900.00

  Any posted pay range considers a wide range of compensation factors, including candidate background, experience and work location, while also allowing for salary growth within the position.

  Helping People Thrive in a Connected World
  Connect with us. Bring us your best work and your brightest ideas. And we’ll bring you a place where you can thrive. Learn more at jobs.assurant.com .

  For U.S. benefit information, visit myassurantbenefits.com . For benefit information outside the U.S., please speak with your recruiter.

  What’s the culture like at Assurant?
  Our unique culture is a big reason why talented people choose Assurant. Named a Best/Great Place to Work in 13 countries and awarded the Fortune America’s Most Innovative Companies recognition in 2023, we bring together top talent around the world. Although we have a wide variety of skills and experiences, we share common characteristics that are uniquely Assurant. A passion for service. An ability to innovate in practical ways. And a willingness to take chances. We call our culture The Assurant Way .

  Company Overview
  Assurant is a leading global business services company that supports, protects, and connects major consumer purchases. A Fortune 500 company with a presence in 21 countries, Assurant supports the advancement of the connected world by partnering with the world’s leading brands to develop innovative solutions and deliver an enhanced customer experience through mobile device solutions, extended service contracts, vehicle protection services, renters insurance, lender-placed insurance products, and other specialty products.

  Equal Opportunity Statement
  Assurant is an Equal Employment Opportunity employer and does not use or consider race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity, or any other characteristic protected by federal, state, or local law in employment decisions.

• About the company

  Assurant, Inc. is a global provider of risk management products and services with headquarters in New York City. Its businesses provide a diverse set of specialty, niche-market insurance products in the property, casualty, extended device protection, and preneed insurance sectors.

Notice