IT Security Engineer

at  SiriusPoint Ltd

IT SECURITY ENGINEER

Who We Are
SiriusPoint is a global (re)insurer writing a worldwide portfolio of businesses including Accident & Health, Liability, Property, and Specialty.
Bermuda-headquartered and listed on the New York Stock Exchange (NYSE: SPNT), we are looking at ways to grow intelligently, underwrite profitably, and drive technology innovation in the insurance industry.
We challenge convention, disrupt the traditional way of doing things, and devise new and better solutions. We strive to be excellent in everything we do and to continuously build knowledge and learn beyond our current skillsets.
Join Our Team
You will be our IT Security Engineer and will report to the Chief Information Security Officer.
The IT Security Engineer is accountable for contributing to and strengthening, the corporate Information Security program. The IT Security Engineer is responsible for the day-to-day operations of the in-place security solutions and the identification, investigation, and response to security events detected by those systems. IT Security Manager also participates in the vulnerability management program.
The IT Security Engineer presents a working knowledge and understanding of business security practices and procedures, including but not limited to, knowledge of currently available security tools, various communication protocols, incident response processes, vulnerability and patch management best practices, privileged access management, encryption techniques/tools, and 3rd party security risk assessments.
This role occasionally makes presentations, provides training, communicates with leadership and non-technical audiences about security topics, and collaborates with technical engineers on security solutions implementation. The IT Security Engineer is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals by collaborating with various IT and Non-IT functional groups to ensure effective service delivery of system security programs for internal clients.

Your responsibilities will include:

• Interfaces with SIEM providers and receives and interprets SIEM reports.
• Administers EDR Tools and proactively remediates threats
• Analyses security events to determine their root cause and advises on resolution.
• Analyses security vulnerabilities and assists in vulnerability management programs.
• Administers vulnerability management scanners and prepares applicable reports.
• Advises on Windows and non-Windows systems patching as required by vulnerability management program.
• Researches, and monitors for published current cybersecurity threats, vulnerabilities, and security advisories.
• Administers PAM (Privileged Access Management) tool to manage privileged access accounts.
• Administers DLP tools and advises on corporate DLP programs.
• Performs 3rd party risk assessments on our vendors and partners.
• Executes, and maintains incident response procedures.
• Maintains, supports, and coordinates corporate User Security Awareness Training programs
• Coordinates with internal and external auditors to assure HIPAA, SOX, NYDFS, and other regulatory compliance and proactively identifies audit and compliance-related issues to reduce the risk of security exposures and non-
• compliance. Plans and implements security improvements and solutions to assure the US and European regulatory compliance (DORA, HIPPA, NYCRR, GDPR, Cyber Essential, BMA).
• Prepares necessary audit documentation and timely files reports and appropriate evidence required.
• Creates and modifies Information Security related manuals, IT documentation, and infrastructure designs.
• Advises on security best practices for corporate solutions, application suites, and products.
• Researches current trends and technologies for future product ideas.

• Interfaces with SIEM providers and receives and interprets SIEM reports.
• Administers EDR Tools and proactively remediates threats
• Analyses security events to determine their root cause and advises on resolution.
• Analyses security vulnerabilities and assists in vulnerability management programs.
• Administers vulnerability management scanners and prepares applicable reports.
• Advises on Windows and non-Windows systems patching as required by vulnerability management program.
• Researches, and monitors for published current cybersecurity threats, vulnerabilities, and security advisories.
• Administers PAM (Privileged Access Management) tool to manage privileged access accounts.
• Administers DLP tools and advises on corporate DLP programs.
• Performs 3rd party risk assessments on our vendors and partners.
• Executes, and maintains incident response procedures.
• Maintains, supports, and coordinates corporate User Security Awareness Training programs
• Coordinates with internal and external auditors to assure HIPAA, SOX, NYDFS, and other regulatory compliance and proactively identifies audit and compliance-related issues to reduce the risk of security exposures and non-
• compliance. Plans and implements security improvements and solutions to assure the US and European regulatory compliance (DORA, HIPPA, NYCRR, GDPR, Cyber Essential, BMA).
• Prepares necessary audit documentation and timely files reports and appropriate evidence required.
• Creates and modifies Information Security related manuals, IT documentation, and infrastructure designs.
• Advises on security best practices for corporate solutions, application suites, and products.
• Researches current trends and technologies for future product ideas