Beijing, 11, CN


Senior Cyber Risk Manager 

About Swiss Re

The Swiss Re Group is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. It anticipates and manages risk – from natural catastrophes to climate change, from ageing populations to cybercrime. The aim of the Swiss Re Group is to enable society to thrive and progress, creating new opportunities and solutions for its clients. Headquartered in Zurich, Switzerland, where it was founded in 1863, the Swiss Re Group operates through a network of around 80 offices globally. It is organised into three Business Units, each with a distinct strategy and set of objectives contributing to the Group’s overall mission.


About the Role

As part of our global cyber security programme, you will support Swiss Re in continuously challenging and thus strengthening the confidentiality, integrity and availability of its client data, intellectual property, and IT assets. You will represent the Cyber Risk Management function in China, and partner with business units in their journey to grow their business by anticipating key cyber security risks to our systems and guiding them accordingly through their initiatives to mitigate the risks to an acceptable level. You will be responsible for various cyber risk related activities that include: risk assessments and reviews of business and IT processes and solutions, technical security assessments of new applications or technology, due diligence reviews of outsourcing partners, security awareness training, and cyber risk consultancy. Do cyber risks, new adversarial approaches, and technical solutions to mitigate these excite you? Then we would be excited to have you join us in making both Swiss Re and the world more resilient!


Main tasks/activities 

• Conduct risk assessments of new or materially changed systems and facilitate or conduct associated security penetration testing.

• Conduct risk reviews and spot-checks to ensure ongoing compliance with security regulations.

• Provide training and education for staff on all aspects of cyber security risks.

• Support vendor due diligence and risk assessments to gain assurance of their cyber security practice, including ongoing reviews.

• Respond to information and cyber risk questionnaires and audits by clients and regulators in close collaboration with the business functions, IT, and Legal.

• Assist with development and maintenance of Global Information Security policies and standards in-line with changing business and regulatory requirements as well as changing industry good practice.

• Contribute to the ongoing development of the Cyber Risk Management function, its processes, and tools to ensure that it remains current and effective.


About the Team

Cyber Risk Management


About you

• Experience in a related role, preferably in a similar position at a financial, insurance, or healthcare institution with a global footprint.

• Experience in performing application and infrastructure penetration tests and using associated frameworks and tools (OWASP, Nessus, etc.).

• Understanding of protocols and application techniques like HTTP, Kerberos, OAuth, SAML, containerisation technologies, microservice infrastructure, secure APIs, secure DevOps practices. 

• Strong knowledge and practical implementation experience of security frameworks and regulations (ISO27001/2, NIST, HIPAA, OWASP).

• An in-depth understanding of cyber threats, attacks and countermeasures.

• Experience with the security aspects of Microsoft technologies such as Exchange, SharePoint, Active Directory, Office 365, and Azure.

• Familiarity with multi-cloud environments, and security automation of cloud blueprints across platforms.

• Knowledge in securing all cloud-related architecture, including PaaS and SaaS applications, as well as big data solutions.

• Experience of securing Cloud solutions.

• Solid knowledge of mobile security technologies and MDM.

• Ability to initiate, prioritize and drive projects to completion with minimal guidance.

• Excellent communication / listening skills.

• Analytical thinking, structured approach to address complex topics in a concrete manner for the relevant audiences across the organization.

• Naturally curious, self-motivated to conduct your own research, and strongly focused on continuous personal development in the field to keep up to date on new and emerging technologies, regulations, and risks.

• Independent thinking, with the ability and willingness to research and understand the context and "big picture".

• Ability to work independently with the line manager in a different time zone.

• Excellent verbal and written English and Mandarin.


Other comments:  It is desirable that candidates hold an appropriate industry security certification (i.e. CISSP, CISM, CISA, OSCP, OSCE, GPEN, GWAPT).

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, including gender identity or expression, sexual orientation, age, marital status, veteran status, or disability status.

Reference Code: 89066