Take the next step in your career with us. Allied World is an ideal place for talented professionals who are driven by a belief in the value of collaboration and the power of knowledge. We believe that when our great people work together and support one another, our clients receive the best solutions. We embrace unique perspectives and empower each person to grow through professional development, career training and mentoring programs. Our people are our most important asset, and we are very proud of the quality of our team members. We strive to build an inclusive team culture and value the diversity of the people we hire. Diversity at Allied World means fostering a workplace in which individual differences are recognized, appreciated, respected, and responded to in ways that fully develop and utilize each person's talents and strengths.

Reporting Structure:
- Reports to: Chief Information Security Officer (CISO)
- Partnership: Collaborates closely with the Enterprise Risk Management (ERM) team.
Responsibilities:

1. Risk Identification and Assessment:
- Conduct regular risk assessments to identify and evaluate potential threats to enterprise and cyber security.
- Utilize frameworks like NIST 2.0, CIS Version 8, and COBIT for structured risk identification and evaluation.

2. Risk Reporting:
- Develop and implement a reporting structure for communicating risk findings to the CISO and partnering with the Enterprise Risk Management (ERM) team.
- Ensure reports are clear, concise, and actionable, providing insights into potential impact and recommended mitigation strategies.

3. Policy Development and Implementation:
- Collaborate with relevant stakeholders to develop IT governance policies and procedures.
- Ensure these policies align with industry best practices and regulatory requirements.

4. Compliance and Framework Integration:
- Ensure the organization's IT governance practices comply with relevant frameworks, including:
  - NIST 2.0 (National Institute of Standards and Technology): Focus on identifying, protecting, detecting, responding, and recovering from cybersecurity threats.
  - CIS Version 8 (Center for Internet Security): Implement critical security controls to defend against prevalent cyber threats.
  - COBIT (Control Objectives for Information and Related Technologies): Provide a comprehensive framework for IT management and governance to ensure IT alignment with business goals.

5. Incident Response Coordination:
- Coordinate the response to cybersecurity incidents, ensuring timely and effective mitigation and communication.
- Develop and maintain an incident response plan in alignment with NIST and CIS guidelines.

6. Risk Mitigation and Control Implementation:
- Work with IT and business units to implement controls and safeguards to mitigate identified risks.
- Monitor the effectiveness of these controls and adjust strategies as necessary.

7. Training and Awareness:
- Develop and conduct training programs to raise awareness of IT governance and cyber risk management across the organization.
- Ensure that all employees understand their roles in maintaining security and compliance.

8. Continuous Improvement:
- Regularly review and update IT governance practices to reflect changes in the threat landscape and business environment.
- Foster a culture of continuous improvement and proactive risk management.

Building a Test Strategy for Controls:
- Develop a comprehensive test strategy to evaluate the effectiveness of controls based on NIST 2.0, CIS Version 8, and COBIT frameworks.
- Ensure the test strategy includes:
  - Control Testing Procedures: Detailed steps for testing each control, including both manual and automated testing methods.
  - Frequency of Testing: Define how often each control should be tested to ensure ongoing effectiveness.
  - Documentation and Reporting: Create templates and guidelines for documenting test results and reporting findings to relevant stakeholders.
  - Remediation Plans: Develop plans for addressing any control weaknesses or failures identified during testing.
  - Metrics and KPIs: Establish key performance indicators to measure the effectiveness of the control testing strategy and identify areas for improvement.

Frameworks to Include:
1. NIST Cybersecurity Framework 2.0:
- Provides a policy framework of computer security guidance for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks.

2. CIS Controls Version 8:
- Offers a prioritized set of actions to protect organizations and data from known cyber-attack vectors. This version is updated to keep up with evolving cyber threats.

3. COBIT Framework:
- A comprehensive framework for managing and governing enterprise IT, focusing on aligning IT goals with business objectives, risk management, and resource optimization.
Our Business

Allied World Assurance Company Holdings, Ltd, through its subsidiaries, is a global provider of insurance and reinsurance solutions. We operate under the brand Allied World and have supported clients, cedents and trading partners with thoughtful service and meaningful coverages since 2001. We are a subsidiary of Fairfax Financial Holdings, Limited and benefit from a strong capital base and a worldwide network of affiliated entities that allow us to think and respond in non-traditional ways.