IT Security Engineer III

Georgia - Kennesaw


Tokio Marine HCC (TMHCC) brings 50 years of service to the specialty insurance industry, today offering over 100 products to commercial customers in 180 countries around the world.  Organic growth and over 60 successful acquisitions have grown our 2022 Gross Written Premium (GWP) to $5 Billion.  Our workforce has grown to 4,300 worldwide … big, but not so big that you cannot make a difference.  Our Good Company values, including integrity, empowerment, and commitment to customer service, and a culture of innovation, communication, and collaboration make TMHCC a great place to work. 

TMHCC Stop Loss, a $2 Billion division within TMHCC, leads the way in providing medical stop loss insurance sold to employers. Medical Stop Loss provides an added layer of insurance protection to employers who choose to self-fund their health benefit plans. Self-funding can incur risks from catastrophic claims, and Medical Stop Loss insurance from Tokio Marine HCC is designed to protect employers from that risk. 

*This role is located onsite in Kennesaw GA*

Position Summary:

Reviews, evaluates, and maintains systems and procedures to protect the confidentiality, integrity, and availability of information assets and is responsible for identifying, analyzing and influencing the management of information risks across the organization. Identifies the cybersecurity requirements, selects solutions, and implements supporting technology and processes.

Key Responsibilities:

  • Assess and identify cybersecurity requirements and gaps based on corporate environment and risk. To address those requirements, lead the selection and implementation of supporting technologies, controls and/or processes.
  • Participate in security design reviews and threat model reviews prior to the release of new products or features, clearly communicating the different security options and tradeoffs.
  • Design and manage security in the cloud, including AWS and Azure.
  • Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies, and standards.
  • Provides consultative advice to information governance or security teams that enables them to suggest informed risk management decisions.
  • Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
  • Review and reduce inappropriate/overprovisioned access to drive least privilege access and separation of duties.
  • Maintain and support authentication and access systems (e.g., Microsoft Active Directory, Okta, cloud-based IAM). CyberArk Privilege Access Management, Dynamic Privilege Access, and Conjur Cloud experience highly desired.
  • Monitor and review security dashboards (e.g., CrowdStrike, Dynatrace, GitHub Advanced Security, Varonis) and drive issue remediation activities.
  • Drive business-wide projects to improve security posture, which includes the creation of key stakeholder reporting.
  • Collaborate with the IT and security teams to respond to security incidents and ensure timely mitigation of threats.

Education, Experience & Knowledge

  • Assist with the Annual SOC 2 audit and IT Ransomware Tabletop Exercise.
  • Assist with implementation of DevSecOps technology and processes.
  • Assist in developing and enforcing security policies, standards, and procedures to protect information assets.
  • Research vulnerabilities, perform vulnerability scanning (e.g., Qualys) and produce daily Vulnerability Reports, as well as seek ways to improve on all through automation and dashboarding.
  • Maintain and update the Application Inventory system (e.g., LeanIX) to accurately track software deployed in the environment.
  • Manage vendor relationships and handle conflict resolution.
  • Perform contract reviews (e.g., SOW, procurement, legal agreements, etc.).
  • Minimum 4 Year / Bachelor's Degree in Computer Science, a related field, or the equivalent education and/or experience

  • Preferred Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA). | Optional: Project Management Professional certification (PMP).

  • 5 Years of relevant and progressive professional experience.

  • Strong knowledge of the NIST cybersecurity framework
  • Possess and have the ability to apply broad knowledge of principles, practices, and procedures.
  • Thorough knowledge of industry accepted security architectures
  • Thorough knowledge of authentication and access systems
  • Able to effectively analyze risk within the context of business problems.
  • General multi-platform information security knowledge in cloud, networks, Windows, desktops, servers, and application systems
  • Working knowledge of information security tools for intrusion monitoring, filtering, event management, compliance management and vulnerability management
  • General knowledge of regulatory requirements such as SOC 2, Sarbanes-Oxley, Health Information Portability & Accountability Act (HIPAA), along with US data privacy laws
  • Experience in following system information security policies, standards, and procedures
  • Experience implementing security related projects.
  • Excellent written and verbal communications skills with an emphasis on confidentiality, tact, and diplomacy
  • Exceptional organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously.
  • Knowledgeable of industry changes, legal updates, and technical developments related to applicable area of the Company's business to proactively respond to changing business environment

Tokio Marine offers a competitive salary and benefits package, including: 

  • Generous paid time off (PTO), 12 paid company holidays.

  • 401(k) Retirement Plan with 6% company match.

  • Health and dental insurance, and vision plan available.

  • Company-provided long-term disability and life insurance.

  • Opportunities for advancement in a successful and growing organization.

  • Flexible work schedules and a great work/life balance.

  • Paid Parental Leave.

  • Volunteer Time Off.

  • Enjoy casual dress and work in a modern, comfortable office with free parking.

  • Hybrid work schedule

The Tokio Marine HCC Group of Companies offers a successful, dynamic organization experiencing rapid growth and is seeking energetic and confident individuals to join our team of professionals. The Tokio Marine HCC Group of Companies is an equal-opportunity employer. Please visit www.tmhcc.com for more information about our companies.


Tags: Active Directory Automation AWS Azure CISA CISM CISSP Cloud Compliance Computer Science CrowdStrike Cyberark DevSecOps GitHub Governance HIPAA IAM Monitoring NIST Okta Privacy Qualys Risk management SOC SOC 2 Vulnerabilities Vulnerability management Windows

Perks/benefits: 401(k) matching Competitive pay Flex hours Flex vacation Health care Insurance Medical leave Parental leave

Region: North America
Country: United States
