Share this Job

Armonk, NY, US

Cyber Risk Analyst


About Swiss Re

Swiss Re is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. We anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime.

At Swiss Re we combine experience with creative thinking and cutting-edge expertise to create new opportunities and solutions for our clients. This is possible thanks to the collaboration of more than 13,000 employees across the world.

We offer a flexible working environment where curious and adaptable people thrive. Are you interested in joining us?


About the role:

Do security questions, new adversarial approaches, and technical solutions to these excite you? Then you're the right talent to join Swiss Re and help the world become more resilient! As part of our global security program, you will support Swiss Re in continuously challenging and thus strengthening the protection of the confidentiality, integrity and availability of client data, intellectual property, and IT assets. The role is tasked with overseeing end-to-end security assessments and improve the overall resilience and defensive capabilities of the organization.

About the team:

This position is part of the Cyber Risk Management team within Group Risk Management who provide risk transparency, oversight, and control of cyber risks to the business. A team of globally distributed cyber risk experts with a wealth of knowledge and experience who are passionate about identifying and managing cyber risks. Cyber Risk Management is closely collaborating with the Chief Security Officer organization.

Our success comes from our people which is why we seek to attract, develop, and retain those who enjoy the challenge of dealing with the risks resulting from our ever-changing cyber threat landscape.

You will be a member of the Cyber Risk Management function and partner with business units in their journey to grow their business by anticipating key cyber security risks and guiding them accordingly through their initiatives.

Key tasks/activities:

  • Conduct cyber risk reviews and spot-checks to ensure ongoing compliance with security regulations;
  • You will provide actionable insights to business on emerging cyber risks;
  • Designing awareness and training material for various employee groups and provide training and education for employees regarding cyber security;
  • Perform vendor due diligence and risk assessments to gain assurance of their Information Security practice, including ongoing reviews;
  • Assist with development and maintenance of Global Information Security policies and standards in-line with changing business and regulatory requirements as well as changing industry good practice
  • You will contribute to the ongoing development of the Cyber Risk Management function, its processes, and tools to ensure that it remains current and effective;
  • You will closely collaborate with the Senior Cyber Risk Manager in the Americas region and the global team;

About you:

  • Experience in a related role;
  • Understanding of security frameworks and regulations (e.g. ISO27001/2, NIST, HIPAA);
  • Security mindset, understanding of Information Security & Cyber risks and controls;
  • Understanding of application security vulnerabilities (i.e. OWASP);
  • Sound knowledge about IT security infrastructure and modern authentication & authorization protocols (such as Kerberos, SAML, OAuth, OIDC etc.);
  • You enjoy delivering excellent client service and understand the trade-offs of the technical solutions vs. the business challenges;
  • An understanding of cyber security threats, attacks and countermeasures;
  • Experience with the security aspects of Microsoft technologies such as Exchange, SharePoint, and Office 365;
  • Solid knowledge of mobile security technologies and MDM;
  • Experience with Microsoft Azure cloud or similar cloud providers;
  • Experience with serverless architectures, and common virtualization techniques (hypervisors/containers);
  • Experience with DevSecOps and agile development concepts;
  • Preferably you hold a university degree in IT, cyber security, engineering, or alternatively you hold an appropriate security certification (i.e. CISSP, CISM, CISA etc.);

Personal skills:

  • Proactive in conducting your own research and are strongly focused on continuous personal development in the field to keep up to date on new and emerging technologies, regulations, and risks.
  • Independent and critical thinking with a willingness to research and understand the context and "bigger picture" and comfortable to challenge constructively
  • Great teammate, good communicator, willingness to share knowledge and experience within and across the team and with other related functions



Reference Code: 100295 


Nearest Major Market: White Plains
Nearest Secondary Market: New York City

Job Segment: Risk Management, Data Management, Law, Compliance, Finance, Data, Legal, Research