IT Risk Management Senior Specialist
Branchville, NJ 
Posted 10 days ago
Job Description
Description

At Selective, we don't just insure uniquely, we employ uniqueness.

Our Business

Selective is a midsized U.S. domestic property and casualty insurance company with a history of strong, consistent financial performance for nearly 100 years. Selective's unique position as both a leading insurance group and an employer of choice is recognized in a wide variety of awards and honors, including listing in Forbes Best Midsize Employers in 2023 and certification as a Great Place to Work in 2023.

Working at Selective

At Selective, we don't just insure uniquely - we employ uniqueness. Employees are empowered and encouraged to Be Uniquely You by being their true, unique selves and contributing their diverse talents, experiences, and perspectives to our shared success. Together, we are a high-performing team working to serve our customers responsibly by helping to mitigate loss, keep them safe, and restore their lives and businesses after an insured loss occurs. Employees receive comprehensive total rewards packages - including competitive compensation and performance awards, health benefits, and retirement savings - and professional development opportunities and flexible schedules to support their health, wealth, and well-being. Join our team and help make a difference.

Summary:

Acting as a leader and subject matter expert to other IT Security staff, this mastery role will determine security risks and find ways to reduce those risks through planning and problem-solving. The Risk Management Senior Specialist will work as part of the Risk Management team within IT Security to manage those information security risks. Works closely across ITS teams and business units to identify and specify gaps, requirements, and solutions to security measures that safeguard access to enterprise files, networks, and data. Provides expert level consulting and leadership in the identification, escalation, and mitigation of security risks to the Manager, IT Information Risk.

Responsibilities:

  • Acts as a subject matter expert to the enterprise and a mentor to other IT security staff. Independently initiates work as needed to meet IT Risk Management needs, and exercises significant levels of accountability and ownership of security issues. Performs assessments and provides consultation on security topics for enterprise projects and technology acquisitions, in support of the Manager, IT Information Risk.
  • Prepare and complete annual risk assessments and assist with regulatory and accreditation audit preparation as needed. Conducts periodic company-wide risk assessments.
  • Support the design and implementation of a common and consistent vendor risk management (VRM) program to effectively manage vendor risk in accordance with internal policy and Federal/State Regulatory requirements.
  • Identifies, initiates, and manages contact with vendors regarding new security & risk management technologies, security system updates, and technical support of security products.
  • Maintain a structured internal governance framework to ensure effective oversight of vendor risk and procurement compliance. Ensure all contracts are reviewed to meet IT Security compliance and standards.
  • Report high-risk vendor contracts, high procurement risks, and ineffective controls to executive management, highlighting vendor risks and the actions planned to address inadequate controls.
  • Lead assessment of vendor risk via pre-contract due diligence, develop mitigation plans, and partner with internal stakeholders to monitor vendors.
  • Serve as lead for monitoring risk incidents, remediation resolution including development and execution of corrective action plans, and ensure follow-on reporting and monitoring. Evaluate and process complaints, appeals and grievances.
  • Analyze, update, and modify procedures and processes to identify and continuously implement both vendor risk management and information risk management process improvements.
  • Perform data analytics and reporting activities. Provide and maintain vendor risk reporting mechanisms, and track and report outcomes from vendor management activities. Collect, organize, and distribute reports and documents, and recommend enhancements to reporting and audit tools.

Qualifications:

  • 5 - 7 years' experience in Information Technology or Risk Management roles, with at least 2 years in a security role.
  • Bachelor's or master's degree in computer science, management information systems, business administration, or related discipline is preferred.
  • Security-specific certifications such as CISSP, CRISC, or equivalent designation highly preferred.
  • Knowledge of national and international regulatory compliance requirements and frameworks such as NIST-CSF, ISO-27000, SOX, BASEL II, EU DPD, HIPAA, and PCI D.
  • Ability to express complex technical security control concepts passionately and effectively (verbally and written).
  • Work experience in vendor management, vendor risk management, and/or strategic sourcing and procurement preferred.
  • Knowledge of applicable concepts, methodologies, and governance structures to manage risk programs.

Salary range: $116,000 - $167,000. The actual base salary is based on geographic location, and the range is representative of salaries for this role throughout Selective's footprint. Additional considerations include the candidate's qualifications and experience.

Selective is an Equal Employment Opportunity employer. That means we respect and value every individual's unique opinions, beliefs, abilities, and perspectives. We are committed to promoting a welcoming culture that celebrates diverse talent, individual identity, different points of view and experiences - and empowers employees to contribute new ideas that support our continued and growing success. Building a highly engaged team is one of our core strategic imperatives, which we believe is enhanced by diversity, equity, and inclusion. We expect and encourage all employees and all of our business partners to embrace, practice, and monitor the attitudes, values, and goals of acceptance; address biases; and foster diversity of viewpoints and opinions.


Job Summary

Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: 5 to 7 years