Systems Engineer: III (Senior)

Systems & Security Engineer

COMEX: US Life CEO	Location: Charlotte
Department (service) : Velogica Cost Center: - L&H - Technology Office Digital Solutions US Cost Center legal entity code: US4 Taxonomie Activity: BLZ - Business IT	For HR BP / G HR BP usage Global Grade: 12 - Senior Associates 1 Job reference: Project Management L&H Manager 1 Reasons for Hiring: Resignation Name of employee replaced: Darren Curtis Reason of replacement:
Reports to: N+1: Solutions Delivery Leader N+2: EVP, US Inforce Double reporting line: N/A	People management responsibility: N/A

Short Summary The Velogica team is seeking a Systems and Security engineer to implement and maintain systems, process, and control frameworks that ensure and demonstrate for audit the confidentiality, integrity and availability of the Velogica data, systems and cloud computing environment.

Job Summary Accountable for Confidentiality, Integrity, and Availability of the Velogica data, systems and cloud computing environment, ensuring policy and control frameworks are current, appropriate, respected, and evidenced for audit. Additionally, facilitate audits, especially SOC 2 Type II, customer inquiries related to these areas, and support collaborative security/compliance efforts with the larger SCOR community. This is a technical security role with a mix of security design, operations, and local policy setting in addition to supporting SOC 2 audits and client requirements.

Key duties and responsibilities Develop, maintain, implement, and enforce Information Security policies, standards, procedures, guidelines, controls, best practices, and technical solutions for the Velogica department, including, but not limited to: Lead the Velogica SOC 2 Type II, ISO 27001 efforts. Facilitation of SOC 2/ISO 27001 policy creation, review, and updates, and associated annual audits with third-party auditors and internal control owners. Coordination of classification, labeling and control of SCOR Velogica information assets. Internal Computer Incident Response Team (CIRT) planning to address security breaches. Direction of business continuity and disaster recovery planning, including at least annual testing. Champion DevSecOps principles by ensuring security measures are embedded by design in systems and products and facilitate adoption efforts for the Velogica US team. Work with external clients to respond to client security assessments, review and negotiate security related contract language, and conduct ongoing periodic reviews as required. Coordinate all security-related activities with IT functions, cloud, infrastructure, application development, data teams, Human Resources, Legal counsel, the SCOR global security office and the Velogica business unit. Coordinate vulnerability assessments, security reviews, and investigations (Information Security Assessments), including annual due diligence for all technology and data vendors. Develop remediation plans to address weaknesses identified from Information Security Assessments and regularly communicate status of plan to appropriate management. Support action on critical alerts and develop incident response plans. Work with the Global Security and Compliance team to support projects and requirements. Function effectively as a self-directed, independent decision-maker. Stay current with existing and emerging security technologies and develop strategic plans that meet company information security standards and lead to improved information security. Participate in security industry user groups and conferences to ensure up to date knowledge of industry trends. Create and maintain operational documentation as required. Adhere to Information Security policies and best practices, including security awareness training and other information protection initiatives. On-call availability for emergency information security analysis or corrective action is a requirement of this job. Other duties as required for the position. Member of the following committees: e.g., Audit committee, Investment Committee etc. Velogica US Steering Committee - approves policies and controls for the Velogica US organization relevant to security and compliance Velogica Software Engineering Process Group (VSEPG) - approves changes relevant to SDLC

Required experience & competencies Experience: At least 6 years in an information security role, or related IT role with understanding of information security principles, and information security-related technologies and products Strong background in Information Security and security vulnerability identification and remediation, with a preference for cloud-based security strategies (and AWS experience in particular). Influence, management, presentation, risk assessment and facilitation skills Effective interpersonal communication skills and ability to direct colleagues Vendor management experience Software development knowledge/experience Computer/network forensics knowledge Strong written and oral communication skills Strong problem-solving and analytical skills Working knowledge of Human Resources and Legal issues in Information Security, preferred Relevant certifications, preferred. Knowledge AICPA SOC 2 framework and ISO 27001 Standards, preferred. Insurance or Reinsurance experience, preferred. Personal Competencies: Adaptability - Maintaining effectiveness when experiencing major changes in work responsibilities or environment; adjusting effectively to work within new work structures, processes, requirements, or cultures. Aligning Performance for Success - Focusing and guiding others in accomplishing work objectives. Building Strategic Work Relationships - Developing and using collaborative relationships to facilitate the accomplishment of work goals. Decision Making - Identifying and understanding issues, problems, and opportunities; comparing data from different sources to draw conclusions; using effective approaches for choosing a course of action or developing appropriate solutions; taking action that is consistent with available facts, constraints, and probable consequences. Information Monitoring - Setting up ongoing procedures to collect and review information needed to manage an organization or ongoing activities within it. Planning and Organizing - Establishing courses of action for self and others to ensure that work is completed efficiently. Technical / Professional Knowledge - Having achieved a satisfactory level of technical and professional skill or knowledge in position-related areas; keeping up with current developments and trends in areas of expertise. Work Standards - Setting high standards of performance for self and others; assuming responsibility and accountability for successfully completing assignments or tasks; self-imposing standards of excellence rather than having standards imposed. Digital Competencies: Ability to employ information: identify, recognize, record and store digital information to facilitate retrieval and use Ability to secure information: identify, implement, and operate systems and processes to properly handle and protect sensitive systems and digital information Ability to access information: locate, select and retrieve digital information Ability to determine data's quality, value, and relevance in different contexts Ability to turn information into business insights, analyze trends and how to compare or combine relevant data sets Apply security measures in digital environments: protect hardware, software applications, data and personal information Ability to create information: generate new digital content and knowledge by organizing, integrating, adapting and applying digital information Ability to encrypt data Ability to identify and assess accurate sources of information

Required Education BS degree in Computer Science, Information Security, Engineering, Mathematics or equivalent experience

Our benefits package includes: (EXCLUDE on perm placements)

• Comprehensive medical benefits
• Competitive pay
• 401(k) retirement plan
• ...and much more!

About INSPYR Solutions
Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients' business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.

INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.

Information collected and processed through your application with INSPYR Solutions (including any job applications you choose to submit) is subject to INSPYR Solutions Privacy Policy and INSPYR Solutions AI and Automated Employment Decision Tool Policy: . By submitting an application, you are consenting to being contacted by INSPYR Solutions through phone, email, or text.