Requirements

Operating system

Windows

Our requirements

• Business analysis: ability to listen, ask the right questions, draw critical conclusions from data and search for options across people, process and technology
• Communication: comfortable in shifting between conversations with low-level technical SMEs and leadership level updates
• Technical acumen & curiosity: ability to confidently relate technical context shared by SMEs to business & security outcomes; willingness to expand your technical & security understanding
• Ability to organize your own and other’s work – efficient & clear tracking of progress, realistic planning
• Documentation management ability to adhere to and improve a standard of documentation to make sure they are clear, professional, traceable to decisions and support your role’s objectives
• Has significant working experience a highly technical environment in roles such as business analyst, project manager (i.e. integration, DevOps, IT Infrastructure projects) OR in an audit/ security role pertaining to technology
• Proven experience in driving change and problem-solving across teams & departments
• Experience in leading and tracking progress on a portfolio of concurrent activities that requires adherence to a strict timeline and support of multiple people outside of your own team
• Exposure to & understanding of the concept of risk and risk frameworks in prior roles - at minimum in the form of tracking & managing project-related risks
• (Beneficial, not mandatory) Experience in financial industry and working understanding of the regulations that an insurance or other regulated company is subject to (i.e. DORA, CFIUS, GDPR, SHREMS II ...)

Optional

• Relevant risk or security qualifications
• Project management qualifications
• Business analysis qualifications
• Exposure to & understanding of IT Security controls in prior roles
• Experience developing and measuring control effectiveness

Your responsibilities

• Tracking of formally defined remediation plans to resolution
• Be the central coordination point across GT for IT Security action plans resulting from Audit, Risk Second Opinion, Information Security Assurance findings.
• Track status, make sure adherence to deadlines and escalate delays early
• Partner with IT Risk & Governance and Information Security Assurance to make sure clarity & collaboration throughout the process.
• Support the relevant IT teams in the creation and review of appropriate closure documents
• Root cause analysis and joint problem solving
• For selected new issues & improvement points - originating either from formal, or informal source, coordinate the root cause analysis & remediation planning across the organisation.
• Facilitate workshops and meetings
• Foster collaborative culture and XL’s strategic behaviours: Start with the Client , Own IT, Solve IT Together & Actually Make IT Better
• Document findings
• Make sure hand off of the defined plan to appropriate owner
• Building, trust-based relationships with members of the Global Technology & Security teams
• Supporting and improving IT Security Governance Forums
• Coordinate agenda definition & materials gathering for selected regular governance forums & working groups , ensuring materials are ready in time and of good quality
• Work with IT Security team leadership to make sure the working groups and governance meetings play a constructive role in the continuous improvement of the IT Security in XL
• Support relevant IT & Security teams in definition and clear reporting of security control metrics which help drive the right improvement decisions & allow early detection of issues
• Acting as Risk Champion for IT Security team
• Be the dedicated point of contact for IT Risk management in the IT Security function
• Educate the IT Security team on the IT Risk Management Framework and assist colleagues to apply it correctly to identify, assess, manage, monitor, and report all risk events
• Make sure appropriate IT Security Risk Events are recorded and documented and provide meaningful leadership updates on those risks when necessary.