Information Security Risk Officer

ERGO Insurance Pte. Ltd. is a registered general insurer regulated by the Monetary Authority of
Singapore. We are a wholly owned Singapore subsidiary of ERGO Group AG, one of the major
insurance groups in Germany and Europe, and we are the primary insurance arm of Munich Re,
one of the leading reinsurers and risk carriers worldwide.
We want to become a leader in the Singapore market by offering innovative insurance solutions
that meet the needs of our intermediaries and our mutual customers. We want to underwrite a
balanced portfolio of insurance risks that allow us to achieve a profit that is commensurate to our
risk appetite and the available risk capital. Within this setting, we want to grow the portfolio and
achieve a size that enables the Company to be competitive in the long-term.
We are seeking a highly-motivated individual with professional experience to join our team as an
Information Security Risk Officer, reporting to the Chief Risk Officer.
**Requirements**:
To be successful in this role, you will possess the following experience, knowledge and skills:

- Degree in Information Security, Computer Science or IT preferred
- Industry qualifications such as CRISC, CISSP, CISA, COBIT, ITIL preferred.
- Membership of a professional information security organisation preferred
- In-depth knowledge of information security solutions, methodology, controls and best

practices (such as the NIST framework, ISO27002 etc)
- Good understanding of insurance operations and systems an advantage
- 5+ years of relevant work experience (Information Security Officer, IT Auditor etc)
- Familiarity with the applicable information security regulations in Singapore preferred
- Experience in working with multitude of stakeholders and teams

Job description

**The successful applicant will**:

- Implement the ERGO Group Information Security frameworks for the Company, including

all related policies, guidelines and work instructions
- Provide insight and identify non-compliance with Group framework or local regulatory

requirements and work with the first line to close gaps
- Support the identification, assessment, and prioritisation of information security threats and

work with relevant stakeholders for control enhancement
- Conduct/review security risk assessments and provide guidance to asset owners in terms

of protection needs analysis and liaison with IT to ensure that these protections are
implemented
- Provide regular updates to Executive Commmitee, the Board of Directors and the Segment

/ Group’s CISO on information security risks, mitigation actions, progress of security
measures implementation, key information security incidents, and risk assessments
- Assess, review and challenge first line measures and activities and participate in first line

projects as necessary to provide second line of defence oversight
- Plan, design and implement measures for security education and training in accordance

with the Group‘s frameworks
2
- Participate in investigations as requested by Segment / Group CISO office
- Work with the first line in terms of coordination/support of internal and external information

security-related audits
- Align topics around business continuity management such as Business Impact Analysis

and Business Continuity Plan and assist in the update and review of these documents,
including participating or organising and developing as part of the business crisis team in
the case of an information security incident
- Assist in the development of BCP tests, exercises and attestations
- Be part of the Risk Management function and work with the Chief Risk Officer on other risk

topics as required
Contact