Shanghai, SH, CN

Product Security Expert - Technology


About iptiQ

iptiQ is a risk tech start-up within Swiss Re Group. Swiss Re is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer. We anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime.

iptiQ provides digital, bespoke and transparent L&H and P&C protection products in a B2B2C manner. Founded in 2014, we're transforming the way consumers buy insurance with a unique digital insurance engine which incorporates the latest technology with world-class underwriting capabilities. We build strong partnerships to sell insurance via trusted brands.

iptiQ offers a flexible working environment where curious and adaptable people thrive. Are you interested in joining us?


About the Role

As the Product Security Expert you will be responsible for ensuring the end-to-end security of the InsurTech platform and other products developed at iptiQ China. To accomplish this, you will be a key contributor in establishing and continuously improving the organization’s cybersecurity / data privacy controls and governance frameworks, as well as the processes and practices in compliance with the Swiss Re Group standards and the local laws and regulations. This position is responsible for managing the risks in the operation of the business and associated technology environments in the Cloud, as well as across a broad Third Party and Partner ecosystem. This role will have the opportunity to collaborate with the information security experts in the Swiss Re group to establish and continuously improve best practice security frameworks and processes.


This is a rare opportunity to join a new business unit within an established company, combining the dynamic spirit of a start-up with the backing of Swiss Re's strong organization. You will work closely in multi-functional teams to ensure the end-to-end security of the technology platform that fulfils our business and product vision and ultimately brings value to our customers and partners by disrupting the traditional insurance proposition.


Conduct & Fair Customer Outcomes - Putting customers' interests at the heart of how we conduct business. Demonstrated through your individual behaviours with a clear focus on treating our customers fairly and delivering the right outcomes at all stages throughout the product lifecycle.


Swiss Re Culture – Ensure you positively demonstrate and evidence the Swiss Re leadership/Personal imperatives, supporting the delivery of effective behaviours. Responsibility to our clients, shareholders and employees to achieve and maintain world-class performance.

  • We are driving an agile and commercial culture to be successful in a dynamic environment

  • "Leadership from Every Seat" means every employee acts as a leader and takes ownership, no matter where they sit in the organization.


Your Responsibilities

  • Operationalize and lead the end-to-end Security activities - being engaged in reviewing and recommending the implementation of safeguards, as appropriate, to reduce overall cybersecurity risk posture

  • Responsible for driving key projects for Production Security Operations and Oversight. Contribute to standards, best practices and governance process of the entity and group community.

  • Assist in verifying that compliance obligations are fulfilled, through the assessment and certification of compliance to all applicable regulatory requirements and standards, including but not limited to: NYDFS 23 NYCRR 500, PCI-DSS, HIPAA, GLBA, as well as standards of HITRUST and SOC2 control objectives

  • Understand, analyse and monitor cyber and information security requirements coming from relevant laws and regulations from Greater China

  • Identify, evaluate and report cyber and information security risks in a manner that meets compliance and regulatory requirements and Swiss Re's risk appetite

  • Oversee internal information security auditing, identify the root cause of non-conformity reports and opportunities for improvement, define and complete the corrective action plan

  • Work closely with Group Information Security and Compliance teams, and External Audit teams to consolidate network security and data security on the cloud platform, and ensure continuous improvement on weaknesses

  • Define and deliver end-to-end information security processes in close alignment with the technology team as well as various business partners

  • Provide continuous guidance and support to the teams in implementing practices that meet defined standards and policies for information security

  • Create and employ disaster recovery solutions and assist with continuous improvement

  • Monitor and ensure security of all applications and take corrective actions to identify and handle any incidents or risks

  • Facilitate Agile, DevOps process improvement, challenging existing practices and driving ideas and solutions that promote better ways of working


About you


You have a track record of being responsible for end-to-end information security of an IT Platform and Cloud Operations function

  • Hands-on 5+ years' experience with leading information security activities end-to-end in a cloud-based platform, for example AWS, AliCloud or Azure

  • 3+ years of experience in information security and technology management, including data security, cyber/network security and compliance

  • Bachelor's degree (or higher) in Computer Security, Computer Science or Engineering

  • Familiar with DevOps, Release Management and ITIL

  • Experience with risk assessments, particularly SSAE18 SOC2

  • Certifications in CISP, CISSP, ISO27001, Prince2 and CCNP/CCIE are highly preferred

  • Deep understanding of the implications and the trade-offs of different solutions with regards to performance, reliability, availability and security

  • Analytical and structured approach in analysing and troubleshooting distributed architectures

  • Strong problem-solving mindset and collaborative approach to incident mitigation, triage and resolution

  • Experience with Cloud computing platforms (particularly AliCloud), application containerization/orchestration (Docker, Kubernetes), configuration management (Terraform, Ansible, Chef, Puppet) and implementing continuous development, delivery and deployment solutions (Git, Gradle, Bazel/Pants/Buck, Jenkins, GoCD, TeamCity, Spinnaker ...) is preferred

  • Experience in software engineering in any modern language (Python, Go, Rust, Java, Kotlin, C++, C#) is a plus

  • Experience in best practices around IT security and handling of sensitive customer data according to GDPR, CBIRC regulatory framework etc.

  • Strong understanding of the insurance industry in China, particularly P&C market.


You are:

  • You are a great team player collaborating effectively with team members, expressing technical leadership supporting your views and ideas while staying open to different opinions, being fearless and always contributing to the overall growth of the team

  • Continuous learner who stays up-to-date with the latest trends and carefully vets, with proper pragmatism and long-term vision, the adoption of new technologies

  • Excellent written and oral communication skills in Chinese Mandarin are a prerequisite, and fluency in English is a must

  • Ability to influence decisions in a large organization

  • You are able to work in an international environment

  • You have experience in working in a high-speed and highly innovative culture


We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status.

Keywords: ISO, CISP, data security, cyber/network security 
Reference Code: 102762 

