IT Security GRC Analyst

RenaissanceRe is a leading writer of Property & Casualty Reinsurance. For over 25 years, we have helped customers and communities recover and build resilience through our industry-leading ability to understand risk, source efficient capital and rapidly pay claims.

Our global team shares a passion for solving our customers’ biggest problems through a collaborative and entrepreneurial culture that empowers employees and rewards creative thinking.

Position Overview:  

RenaissanceRe is looking to recruit an IT Security GRC Analyst to their Security team that will take on ownership of the third-party vendor assessment program. In addition, the analyst will assist with various cyber GRC areas including client due diligence, security awareness, regulatory response, audit remediations, security controls strategy, and other ad-hoc projects.

Essential Functions of the Position    

• Manage the third party vendor assessment process by reviewing vendor assessment questionnaires including SOC 2 reports and ISO 27001 certifications. Validate the existence of the vendor’s controls by reviewing evidence and lead any possible remediation efforts where a vendor’s controls are deficient. Ensure that internal business partners are aware of any risks and work with Legal when certain control requirements need to be included into contracts. Prioritize, track, and report out on progress status, issues, and challenges on a regular basis for executive reporting.    

• Collaborate with the Security GRC Manager to respond to various IT audits from regulatory bodies, Internal Audit, and client due diligence. This is to ensure the organization is meeting its legal requirements, stated policies, and contractual obligations. Maintain an IT Controls Catalogue used to assist with therein mentioned audits.    

• Be actively aware and participate in other GRC activities so that you can ensure continuity of the activities in times of demand including security awareness, policy management, security controls catalogue, etc.    

• Research security controls and be able to translate the technical and non-technical aspects to key stakeholders for various IT platforms and solutions. Ensure that the security controls are deployed in alignment with the Security Team’s goals by partnering with Infrastructure and Engineering.    

Requirements

• A bachelor’s degree in Cyber Security, Information Technology, or a related field.

• 3 - 5 years of experience in Governance, Risk, & Compliance within Information Security.

• A solid understanding of the inter-play between Information Security, Infrastructure, and Engineering.

• Audit like mindset to uncover control gaps and areas for improvement.

• Experience working in a global and matrixed organization across functions and geographies.

• Excellent communication skills with internal and external parties.

• Ability to keep meticulous records of activities performed.

• Pluses: Experience with a phishing platform, Jira, Azure, Office 365 E5

• Nice to have skills, but not required: PowerShell, Phyton, VBA

Certifications/Licensure Requirements

• CompTIA Security+ or similar certification (E.g. CySA+, CISSP, CISA, CISM, CEH) preferred.

Our people are our most valuable resource and core to our success. This is a fast-paced business environment, demanding a strong work ethic and a results-oriented approach. We offer competitive compensation and benefits, a comprehensive talent development program, and a reward system in which employees share in the success of the company. We are an engaged member of the communities in which we live and work and have a locally-led giving philosophy with generous employee matching program, global and local community grants and employee volunteerism.

We seek diversity, create equity, and practice inclusion. Our people are at the heart of everything we do. We are an equal opportunity employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, marital status, pregnancy, disability, military status or other legally protected categories.