AVP, Security GRC Specialist

London, United Kingdom

āš ļø We'll shut down after Aug 1st - try foošŸ¦ for all jobs in tech āš ļø

RenaissanceRe

RenaissanceRe is a global property and casualty reinsurer based in Bermuda with offices in the UK, US, Europe, Australia and Singapore.


RenaissanceRe is a leading writer of Property & Casualty Reinsurance. For over 25 years, we have helped customers and communities recover and build resilience through our industry-leading ability to understand risk, source efficient capital and rapidly pay claims.

Our global team shares a passion for solving our customers’ biggest problems through a collaborative and entrepreneurial culture that empowers employees and rewards creative thinking.

Position Overview:

RenaissanceRe is looking to add an AVP, Security GRC Specialist to its Security team who will take ownership of the third-party vendor assessment program. In addition, the Specialist will assist with various cyber GRC areas including client due diligence, security awareness, regulatory response, audit remediations, security controls strategy, and other ad-hoc projects.

Essential Functions of the Position

  • Manage the third-party vendor assessment process by reviewing vendor assessment questionnaires including SOC 2 reports and ISO 27001 certifications. Validate the existence of the vendor’s controls by reviewing evidence and leading any possible remediation efforts where a vendor’s controls are deficient. Ensure that internal business partners are aware of any risks and work with Legal when certain control requirements need to be included in contracts. Prioritize, track, and report out on progress status, issues, and challenges on a regular basis for executive reporting.

  • Collaborate with the Security GRC Manager to respond to various IT audits from regulatory bodies (e.g. NYSDFS, MAS, APRA, Lloyd’s, etc.), Internal Audit, and client due diligence. This is to ensure the organization meets its legal requirements, stated policies, and contractual obligations.

  • Be actively engaged in other GRC activities including security awareness (creation of the custom training and phishing campaigns), GRC platform management (controls catalogue, continuous monitoring, issue management, policy management, etc.).

  • Research security controls and be able to translate the technical and non-technical aspects to key stakeholders for various IT platforms and solutions. Ensure that the security controls are deployed in alignment with the Security Team’s goals by partnering with Infrastructure, Engineering, and the business.

Requirements

  • Bachelor’s degree in Cyber Security, Information Technology, or a related field.

  • 6+ years of experience in Governance, Risk, & Compliance within Information Security.

  • Experience working in a large global organization across functions.

  • A solid understanding of the interplay between Information Security, Infrastructure, and Engineering.

  • Audit-like mindset to uncover control gaps and areas for improvement, with excellent communication skills with internal and external parties.

  • Ability to keep meticulous records of activities performed.

  • Highly sought: Experience with vendor management tools (e.g. SecurityScorecard, BitSight, RiskRecon), GRC platforms (e.g. Drata, Vanta, OneTrust), regulatory audits (e.g. NYSDFS, MAS, APRA, Lloyd’s, etc.).

Certifications/Licensure Requirements

  • CISSP or similar certification (e.g. CISA, CISM) preferred.


Our people are our most valuable resource and core to our success. This is a fast-paced business environment, demanding a strong work ethic and a results-oriented approach. We offer competitive compensation and benefits, a comprehensive talent development program, and a reward system in which employees share in the success of the company. We are an engaged member of the communities in which we live and work and have a locally-led giving philosophy with a generous employee matching program, global and local community grants and employee volunteerism.

We seek diversity, create equity, and practice inclusion. Our people are at the heart of everything we do. We are an equal opportunity employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, marital status, pregnancy, disability, military status or other legally protected categories.

Category: Compliance Jobs

Tags: Audits CISA CISM CISSP Compliance Governance ISO 27001 Monitoring SOC SOC 2 Strategy Vendor management

Perks/benefits: Competitive pay Equity / stock options

Region: Europe
Country: United Kingdom
