Senior Cybersecurity & Privacy Risk Management Specialist

You desire impactful work.
 

You’re RGA ready

RGA is a purpose-driven organization working to solve today’s challenges through innovation and collaboration. A Fortune 500 Company and listed among its World’s Most Admired Companies, we’re the only global reinsurance company to focus primarily on life- and health-related solutions. Join our multinational team of intelligent, motivated, and collaborative people, and help us make financial protection accessible to all.

As a Senior Cybersecurity & Privacy Risk Management Specialist, you will be responsible for understanding the complexities of RGA’s cybersecurity and data privacy framework as it applies to each global product. In support of RGA's global business partners, you will provide timely responses to cybersecurity and data privacy due diligence questionnaire requests, as well as review, decipher, opine, and negotiate on contractual obligations related to RGA’s cybersecurity and data privacy framework.

RESPONSIBILITIES:

• Complete due diligence questionnaire requests within defined service level agreement timeframes.

• Provide cybersecurity and data privacy subject matter expertise in conversations with clients and third-party vendors in support of RGA’s global business partners and Global Legal Services.

• Evaluate and ensure protection of RGA’s cybersecurity and data privacy position through comprehensive negotiation and timely review of contractual documents prepared by clients, third-party vendors, and in-house counsel.

• Identify and develop responses to due diligence questions that are not yet available in the knowledge library, which may involve bridging collaboration with various business and technology stakeholders across the organization.

• Maintain and update the knowledge library by learning from internal teams and completing research to find or create answers to knowledge gaps.

• Interpret and understand laws, regulations, complex issues, and contractual documents related to cybersecurity and data privacy, investigate, problem solve, and provide workable recommendations and solutions.

• Periodically update documentation regarding RGA’s cybersecurity and data privacy programs and processes.

• Stay current on RGA infrastructure updates.

• Help maintain a culture of security, privacy, and controls within RGA.

• Maintain strict confidentiality and privilege when required.

• Attention to detail, excellent analytical, problem-solving, critical-thinking, and multi-tasking skills.

• Perform other duties as assigned.

EDUCATION:

Required:

• Bachelor’s Degree in Arts/Sciences (BA/BS) or equivalent experience

EXPERIENCE:

Required:

• 5+ years relevant experience in IT security, privacy, audit, controls and regulatory compliance, or related experience.

• Minimum 3 to 5 years of experience with legal and regulatory standards (e.g. GDPR, SOX, NIST, ISO)

• Cybersecurity risk management; client and 3rd party contract review

• Strong interpersonal, presentation, verbal, and written communication skills with the ability to effectively interact with internal and external business partners at all levels

• Strong analytical and problem-solving skills with the ability to effectively resolve moderately complex situations and issues

• Ability to interpret and understand data flow diagrams

• Knowledge of Microsoft Office Suite and other business-related software systems, including processing systems and applications

• Knowledge of privacy and data safeguarding methods, and the ability to Identify/resolve operational and organizational problems

• Advanced knowledge of Information Security field including knowledge of best practices and privacy program policies.

• Ability to make timely and effective decisions and produce results through planning and the implementation and evaluation of programs and policies.

• Demonstrated ability to convey business terminology that is meaningful and well received

• Demonstrated ability to adapt plans and priorities to meet service and/or operational changes

• Ability to quickly learn and understand the business of RGA

Preferred:

• Global Data Protection Regulation knowledge

• Data Governance experience, CIPP, CISSP, CRISC, or similar certification

What you can expect from RGA:

• Gain valuable knowledge from and experience with diverse, caring colleagues around the world.

• Enjoy a respectful, welcoming environment that fosters individuality and encourages pioneering thought.

• Join the bright and creative minds of RGA, and experience vast, endless career potential.

Compensation Range:

Base pay varies depending on job-related knowledge, skills, experience and market location. In addition, RGA provides an annual bonus plan that includes all roles and some positions are eligible for participation in our long-term equity incentive plan. RGA also maintains a full range of health, retirement, and other employee benefits.

RGA is an equal opportunity employer. Qualified applicants will be considered without regard to race, color, age, gender identity or expression, sex, disability, veteran status, religion, national origin, or any other characteristic protected by applicable equal employment opportunity laws.