Arthur J. Gallagher & Co., one of the world's largest insurance brokerage and risk management services firms, provides a full range of retail and wholesale property/casualty (P/C) brokerage and alternative risk transfer services globally, as well as employee benefit brokerage, consulting and actuarial services. Gallagher also offers claims and information management, risk control consulting and appraisal services to clients around the world. If you're looking for a professional career with an industry leader, then you have come to the right place. Wherever your interests lie, we're sure you will agree on one thing: our continued prosperity hinges on our greatest resource, our people.
The Information Security Manager – Data Security will support the Information Security Leader in the implementation of a business-aligned cybersecurity program. Responsible for leading the cybersecurity risk committee meetings for the sustainment and continuous monitoring of divisional and enterprise-level cybersecurity and data privacy risks. Partner with various stakeholders across the enterprise to promote the cybersecurity program and understand their requirements that influence how the cybersecurity program should perform and consistently operate.
Essential Duties and Responsibilities:
- Perform privacy and/or security reviews including regulatory assessments, risk analyses, information inventory and data mapping, vendor security assessments, and additional privacy or security compliance related projects.
- Perform analyses against large data sets to discover patterns and deliver meaningful insights.
- Develop and implement a security and privacy awareness training program and reporting. Determine desirable human performance metrics while meeting regulatory compliance requirements for security awareness.
- Lead and support incident response and data breach management, including incident investigation, fact-gathering and documentation, and regulatory or state breach notification procedures.
- Assess or develop the organization’s cybersecurity and risk strategy as it relates to data risk, cyber risk frameworks and policies, and/or cyber risk measures, methods, and reporting.
- Evaluate regulatory compliance requirements such as PCI DSS, GDPR, NYDFS CRR 500, and HIPAA.
- Bachelor's degree in Computer Science, Information Technology or similar field of study required.
- 5+ years related experience required.