Berkley Technology Services (BTS) is the dynamic technology solution for W. R. Berkley Corporation, a Fortune 500 Commercial Lines Insurance Company. With key locations in Urbandale, IA and Wilmington, DE, BTS provides innovative and customer-focused IT solutions to the majority of WRBC’s 60+ operating units across the globe. BTS’s wide reach ensures that ideas and opinions are considered at every level of the organization to guarantee we find the best solutions possible.  

Driven by a commitment to collaboration, BTS acts as consultants to our customers and Operating Units by providing comprehensive solutions that not only address the challenge at hand, but proactively plan for the “What’s Next” in our industry and beyond.  

With a culture centered on innovation and entrepreneurial spirit, BTS stands as a community of technology leaders with eyes toward the future -- leaders who truly care about growing not only their team members, but themselves, and take pride in their employees who shine. BTS offers endless ways to get involved and have the chance to grow your career into a wide range of roles you'd never known existed. Come join us as we push forward into the future of industry leading technological solutions.  

Berkley Technology Services: Right Team, Right Technology, Simple and Secure.  

The company is an equal opportunity employer.

Berkley Technology Services (BTS) is hiring an IT and Security Risk Manager reporting to the Vice President of IT GRC and will be located in either Urbandale, Iowa, or Wilmington, Delaware. This is an exciting role for a dynamic GRC leader dedicated to leading a global Fortune 300 (W.R. Berkley) Governance Risk and Compliance program’s operational activities. This role may be filled at the Director level based on the candidate’s ability to be a thought-leader, highly qualified subject matter expert, and hands-on professional with the experience and know-how needed to guide and accelerate their respective programs.

Working in concert with Information Technology and Information Security functions the IT and Security Risk Manager will develop and/or enhance our IT Risk Management methodology and processes as it relates to Information Technology and Information Security risks. This role will work with both technology and business personnel to engage in both top-down and bottom-up assessments as it relates to our controls, processes, and architecture to both qualitatively and quantitatively assess risk. The role will also help build out standard/repeatable processes to provide transparency and scalability to our IT Risk Management program. To do this, you’ll be hands-on and help lead other IT GRC professionals dedicated to the mission and vision of Berkley IT GRC operations.

Key functions include but are not limited to:

• Understand and implement operational automated processes for GRC programs, tasks, and activities through system integrations and data aggregation.
• Review and assess both on-premise and cloud technology as it relates to GRC activities
• Development of IT risk assessment framework and methodology, to mature risk assessment processes, techniques, and templates to ensure a well understood and scalable approach to IT risk, including metrics and reporting.
• Lead outreach efforts across Information Technology, Information Security, and Business Management to provide insight into the risk appetite and current risk posture.
• Perform scheduled and ad-hoc risk assessments as it relates to IT General Controls, Security Controls, System/Network Architectures, and/or Privacy Controls, including the creation and monitoring of appropriate remediation plans.
• Assist in the development and communication of our overall ITGRC framework, especially for IT Risk Management activities such as risk scenarios assessments, risk control assessments, technology reviews, security reviews, and third-party reviews,
• Understand and ensure compliance with regulations such as NY CCR Part 500 Cyber Security Regulation, General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), SWIFT, and/or California Consumer Privacy Act (CCPA).
• Fluent in using GRC/IT Risk technologies and frameworks such as Archer, ServiceNow, FAIR, NIST, and ISO. Utilization of advanced Excel functions and scripting/querying tools, as needed.

• College Degree, CS, IT or related technical discipline
• Advanced degrees and relevant certifications preferred, such as CISA, CGEIT, CRISC, or CISSP
• Minimum of 8 years of tactical and operational experience in Governance, Risk and Compliance with a focus on regulatory compliance and risk assessments/management.
• Minimum of 3 years of management experience leading, coaching and development of talent.
• SME on on-prem and cloud IT governance, risk, and compliance and associated management & process improvement methods.
• Deep knowledge and practical experience with the following regulatory compliance frameworks: COBIT, UCF, NIST, and ISO.
• Extremely detail oriented with excellent organizational and planning skills and equally proficient oral and written communication acumen