With the increasing significance of the DORA regulation, our Group Security & Resilience team at UNIQA Insurance Group is expanding to provide enhanced support to our clients across the UNIQA Group. We are currently seeking an experienced colleague to join us in developing, communicating, and strengthening specific components of the UNIQA Security & Resilience Governance Framework, with a particular focus on information security.
- Do you see yourself proactively identifying emerging threats and adapting our governance framework to stay ahead of evolving risks, thereby safeguarding our business operations?
- Are you passionate about fostering a culture of transparency and trust by establishing robust security measures, enabling our organization to thrive in a secure environment and pursue business opportunities with confidence?
Our primary objective is to align with the evolving threat landscape, fulfill legal requirements, and ensure effective information security governance throughout designated units.
Your main tasks:
- Develop, establish, communicate, and continually enhance designated parts of the UNIQA Security Governance Framework, with a specific emphasis on information security and IT risk management. This involves alignment with the threat landscape and legal compliance, as well as supervising designated UNIQA business units in implementing and complying with information security governance.
- Establish, operate, and continuously improve the security management system for designated units of the UNIQA Group, concentrating on information security and IT risk. Conduct risk assessments for IT applications, infrastructure, documents, information, and other assets, with a primary focus on information security.
- Collaborate with cross-functional teams to evolve security requirements for cloud environments and for AI usage.
- Perform security assurance reviews within the managed security governance, identifying security issues and deriving security risks. Communicate identified security issues and derived risks to relevant stakeholders, including local senior management and the local board.
- Lead or support the definition of security issues, measures, and exceptions to comply with security governance. Conduct periodic checks on their status.
- Conduct periodic internal controls to ensure the quality of local second-line defense activities in the field of information security, including sample reviews of closed measures and issues. Internal controls also encompass specific audits independent of security assurance reviews.
- Execute and support local or group-wide projects, processes, or tools contributing to the overarching goals of group security and risk management.