Cyber Risk Engineer

Cyber Risk Engineer

With the nature of Cybersecurity evolving so rapidly, Zurich Commercial Insurance is searching for an experienced Cyber risk specialist to further strengthen Zurich’s capability with regards to Cyber insurance, Cyber risk advisory and Cyber services for businesses.

What you will do

The role will be part of our global Zurich Resilience Solutions (ZRS) advisory unit and will work closely with the Cyber Underwriting teams on global, regional, and local levels, as well as brokers and customers with responsibilities in the following areas:

• Conduct cyber risk assessments of the client’s environment to better understand the cyber exposures, cyber risks, and loss potential.

• Provide technical advice to our cyber underwriters and other stakeholders inside and outside the business as a subject matter expert on cyber risk management.

• Offer guidance and support to our customers to carry out cyber risk management as well as advising them on risk mitigation and cyber strategy development.

• Develop and promote the Zurich Resilience Solutions (ZRS) Cyber Services proposition.

• Support business development activities such as writing and presenting proposals.

• Build strong client relationship by listening and establishing credibility and trust.

• Deliver Information Security Governance consultancy for clients across multiple industries.

• Design and assist our clients in achieving the adequate level of information security maturity.

• Act as a Virtual CISO for our customers or support the CISO in place in the day-to-day operations.

• Represent and promote Zurich Resilience Solutions (ZRS) at Cybersecurity events.

• Drive internal Cyber Security related projects to contribute to the ongoing digital transformation and continuous improvement of our internal methodologies and tools.

• As a member of the Global Risk Engineering Tech Center for Cyber,

o Develop, build, and maintain, in close cooperation with our Global Cyber Underwriting team, our technical standards, policies and processes.

o Control the technical quality and professional standards of the Risk Engineering function to deliver a consistently high-quality service to customers.

What you will bring

• Degree in Cybersecurity or equivalent work experience.

• Relevant experience in the audit and assessment of cyber risks.

• Strong knowledge in Cybersecurity governance, risk, and compliance.

• Familiarity with cybersecurity assessment frameworks such as the NIST, ISO 27001, COBIT or CIS.

• Knowledge, insight, and understanding of cybersecurity concepts, tools, and processes that are needed for making sound decisions in the context of the company's business.

• Experience in the definition of Information Security standards, processes, and procedures.

• Experience in the lead and delivery of information security governance services either as a consultant or in a corporate cybersecurity team.

• Effective communication, presentation, and interpersonal skills.

• Curiosity, innovation, and motivation.

• Able to build reliable relationships with our customers and to build and maintain a network of professional contacts.

• Experience with data protection laws is a plus.

• Experience in cyber insurance helpful but not required.

• CISSP and/or CISM certifications preferred but not required.