Bratislava, SK


IT Governance & Risk Management Specialist 

About Swiss Re

The Swiss Re Group is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. It anticipates and manages risk – from natural catastrophes to climate change, from ageing populations to cybercrime. The aim of the Swiss Re Group is to enable society to thrive and progress, creating new opportunities and solutions for its clients. Headquartered in Zurich, Switzerland, where it was founded in 1863, the Swiss Re Group operates through a network of around 80 offices globally. It is organised into three Business Units, each with a distinct strategy and set of objectives contributing to the Group’s overall mission.


About the Role

We are looking for a new colleague to join Swiss Re's IT Governance Office team with a strong focus on Third Party Cyber Risk Management.


The IT Governance Office is the single point of contact for any topic/issue related to governance, risk and compliance. Supporting IT management, the IT Governance Office maintains oversight on all related activities, identifies gaps and improvement opportunities, and steers their closure. The team ensures timely and appropriate responses to regulators and business clients.


In your role, you will work closely with the CISO Organization and Global Sourcing. The Third Party Cyber Risk Management Program identifies and assesses third parties' cyber risk exposure and their compliance with best-practice standards, and ensures, in close coordination with the third-party stakeholders, that the respective risk mitigation activities are addressed and implemented.


While working together with a dedicated offshore assessment team, you will build up an internal network with specialists and service recipients across the various organisations around the globe. You act as an enabler and coordinator between the recipient of the service and the assessment team. One of your responsibilities will be assessments of third parties during due diligence / onboarding, in areas of special needs, or in cases where assurance reports require a risk-based review. You will get insights into a large variety of companies and learn about the different approaches to managing cyber risks.


This important role requires you to raise relevant concerns regarding the control framework of a third party and to express the related risks from a business point of view. You are able to develop an action plan to mitigate the assessed risk, including monitoring and tracking the observations through to resolution. Clear communication of risks, expectations and recommendations internally and to third parties is key for this role.


Swiss Re's vision is to make the world more resilient. As a member of the Third Party Cyber Risk Management Office, you play an active role in supporting this vision by reducing cyber risks for us and our partners.


With the knowledge gained, you will be able to support the IT Governance team in their other activities, in particular assessing compliance with regulatory IT requirements and providing responses to client inquiries.


About the Team

You will be part of Swiss Re's IT Governance team. Your team colleagues are based in Zurich, Bratislava and Munich. The IT Governance Office is embedded in Enterprise Architecture.


"Do the right things right" – that's our mission statement. We aim to inspire confidence – and ultimate trust – from clients, regulators and shareholders in Swiss Re’s services by ensuring and demonstrating that robust controls are applied to all IT resources in Swiss Re’s value chain during their whole lifecycle. The IT Governance Office works on behalf of top-level management to facilitate the definition and documentation of the IT Governance framework and all related activities. Training, consultancy and support of implementation activities are provided where appropriate.


About You

You should bring the following knowledge, skills and abilities:

  • Experience in IT Audit, IT Governance, risk management or security activities, preferably in the financial services industry
  • Be an active team player with strong client orientation and flexibility
  • Sound knowledge of information security on a technical as well as a security management level
  • Knowledge of ISO 2700x / NIST SP 800-53 / ISAE 3000 / SOC 2 standards and reports is a must
  • Ability to describe IT related risks and controls, bring them into the business context and communicate assessment results effectively at all levels of the organisation
  • Sufficient knowledge of third-party management/outsourcing processes and risks to allow a professional discussion with Sourcing / Risk / Legal managers
  • CISA, CISM or CGEIT certification is an advantage
  • Good to excellent command of English
  • Any additional language is a plus (Slovakian, German)



We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.


The minimum base salary for this job is from 1700 EUR gross/month/full time. Our offer to you may be higher based on your skills and experience and will include additional rewards and benefits. We are required by law to disclose the basic wage component (minimum salary) for the advertised positions. We carefully consider your professional competencies, qualifications and experience in our compensation package and/or when offering you other positions. Our compensation philosophy is to pay fairly, also considering the market situation and the value employees may bring to Swiss Re.


We provide feedback to all candidates via email. If you have not heard back from us, please check your spam folder.


Reference Code: 88747