Systems & Security Engineer

Charlotte, North Carolina, United States

Accountable for Confidentiality, Integrity, and Availability of the Velogica data, systems and cloud computing environment, ensuring policy and control frameworks are current, appropriate, respected, and evidenced for audit.  Additionally, facilitate audits, especially SOC 2 Type II, customer inquiries related to these areas, and support collaborative security/compliance efforts with the larger SCOR community.  This is a technical security role with a mix of security design, operations, and local policy setting in addition to supporting SOC 2 audits and client requirements.

  • Develop, maintain, implement, and enforce Information Security policies, standards, procedures, guidelines, controls, best practices, and technical solutions for the Velogica department, including, but not limited to:
  • Lead the Velogica SOC 2 Type II and ISO 27001 efforts.
  • Facilitation of SOC 2/ISO 27001 policy creation, review, and updates, and associated annual audits with third-party auditors and internal control owners.
  • Coordination of classification, labeling and control of SCOR Velogica information assets.
  • Internal Computer Incident Response Team (CIRT) planning to address security breaches.
  • Direction of business continuity and disaster recovery planning, including at least annual testing.
  • Champion DevSecOps principles by ensuring security measures are embedded by design in systems and products and facilitate adoption efforts for the Velogica US team.
  • Work with external clients to respond to client security assessments, review and negotiate security related contract language, and conduct ongoing periodic reviews as required.
  • Coordinate all security-related activities with IT functions, cloud, infrastructure, application development, data teams, Human Resources, Legal counsel, the SCOR global security office and the Velogica business unit.
  • Coordinate vulnerability assessments, security reviews, and investigations (Information Security Assessments), including annual due diligence for all technology and data vendors.
  • Develop remediation plans to address weaknesses identified from Information Security Assessments and regularly communicate status of plan to appropriate management.
  • Support action on critical alerts and develop incident response plans.
  • Work with the Global Security and Compliance team to support projects and requirements.
  • Function effectively as a self-directed, independent decision-maker.
  • Stay current with existing and emerging security technologies and develop strategic plans that meet company information security standards and lead to improved information security.
  • Participate in security industry user groups and conferences to ensure up-to-date knowledge of industry trends.
  • Create and maintain operational documentation as required. 
  • Adhere to Information Security policies and best practices, including security awareness training and other information protection initiatives.
  • On-call availability for emergency information security analysis or corrective action is a requirement of this job.
  • Other duties as required for the position.

Member of the following committees:

  • Velogica US Steering Committee – approves policies and controls for the Velogica US organization relevant to security and compliance
  • Velogica Software Engineering Process Group (VSEPG) – approves changes relevant to SDLC

  • BS degree in Computer Science, Information Security, Engineering, Mathematics or equivalent experience
  • At least 6 years in an information security role, or related IT role with understanding of information security principles, and information security-related technologies and products 
  • Strong background in Information Security and security vulnerability identification and remediation, with a preference for cloud-based security strategies (and AWS experience in particular).
  • Relevant certifications, preferred.
  • Knowledge of the AICPA SOC 2 framework and ISO 27001 standards, preferred.
  • Insurance or Reinsurance experience, preferred.
  • Influence, management, presentation, risk assessment and facilitation skills
  • Effective interpersonal communication skills and ability to direct colleagues
  • Vendor management experience
  • Software development knowledge/experience
  • Computer/network forensics knowledge
  • Strong written and oral communication skills
  • Strong problem-solving and analytical skills
  • Working knowledge of Human Resources and Legal issues in Information Security, preferred

Candidates must have valid authorization to work in the U.S. without the need for employer sponsorship now or in the future.

Hybrid Work Policy: SCOR is committed to an "in office" culture where people can collaborate, exchange ideas, and establish stronger working relationships while still providing flexibility. To support employee work-life balance and increase opportunities for employees to excel every day, SCOR operates with a hybrid working arrangement. SCOR employees work 3 days per week in an office with the flexibility to work 2 days per week remotely.

Pay Range for roles performed in NC: $102,000-$125,000 base salary per year. Actual salaries may vary based on various factors including but not limited to location, experience, role and performance. The range listed is just one component of SCOR's total compensation package for employees. Other rewards may include annual bonuses, short- and long-term incentives. In addition, we provide a variety of benefits to employees, including health insurance coverage, life and disability insurance, a retirement saving plan, paid holidays and paid time off.

As a leading global reinsurer, SCOR offers its clients a diversified and innovative range of reinsurance and insurance solutions and services to control and manage risk. Applying “The Art & Science of Risk,” SCOR uses its industry-recognized expertise and cutting-edge financial solutions to serve its clients and contribute to the welfare and resilience of society in around 160 countries worldwide.

Working at SCOR means engaging with some of the best minds in the industry – actuaries, data scientists, underwriters, risk modelers, engineers, and many others – as we work together to find solutions to pressing challenges facing societies.

As an international company, our common culture is defined by “The SCOR Way.” Serving both to build momentum that drives the Group forward and as a compass to guide our actions and choices, The SCOR Way is anchored by five core values, reflecting the input of employees at all levels of the Group. We care about clients, people, and societies. We perform with integrity. We act with courage. We encourage open minds. And we thrive through collaboration.

SCOR supports inclusion and the diversity of talents, and all positions are open to people with disabilities.


Tags: Audits AWS Cloud Compliance Computer Science DevSecOps Forensics Incident response ISO 27001 Mathematics Risk assessment SDLC Security analysis Security assessment SOC SOC 2 Vendor management

Perks/benefits: Conferences Health care Insurance Salary bonus

Region: North America
Country: United States
