• Executes assumed reinsurance catastrophe risk management tasks and projects • Will lead and design projects and solutions to solve assumed reinsurance catastrophe risk business problems • Propose solutions to business questions and monitor progress of projects • Report to the Head of Reinsurance Pricing & Analytics, AmFamRe • Performs assumed reinsurance catastrophe modeling analyses using catastrophe modeling software • Communicates key model fundamentals to peers and other functions • Develops analytical tools, reports, and data to understand impacts of natural disasters to the business • Partners with team members to provide catastrophe related insights and recommendations • Supports live catastrophe event response with exposure summaries and loss estimates

• Lead the enterprise skills governance model, including decision rights, standards, and operating routines • Run the Skills Council—manage intake, prioritization, and ensure decisions are executed and sustained across the enterprise • Steward the enterprise skills framework, ensuring it is practical, consistent, and aligned to job architecture and learning (within system constraints) • Set quality standards for AI‑inferred skills, including validation rules and governance controls • Own skills data quality—establish audit routines, resolve issues, and ensure enterprise trust in skills data • Define business requirements and data standards for skills across Workday and related systems (no platform ownership) • Drive consistent adoption and adherence to skills standards across priority talent processes (career growth, mobility, learning, workforce planning) • Partner with HR Tech, Analytics, and COEs to translate skills strategy into usable standards, insights, and system requirements • Deliver clear insights on skills gaps, supply/demand, and emerging needs to inform workforce decisions • Translate enterprise business priorities into focused skills governance actions (e.g., critical roles, emerging capabilities) • Enforce enterprise skills standards, guiding functions and segments and resolving deviations where needed • Lead end‑to‑end program execution with strong project management, stakeholder alignment, and disciplined delivery

• Responsible for leading the strategy, delivery, and evolution of risk, actuarial, and analytics capabilities for OneDigital’s Southern California Employee Benefits practice. • Owns and leads the SoCal Risk & Analytics strategy, aligned to local client needs, renewal complexity, and growth priorities. • Serves as the senior analytics and risk leader for the SoCal Employee Benefits practice. • Actively participates in client and prospect meetings. • Provides analytical and financial guidance to support renewal positioning, carrier discussions, and client decision-making. • Oversees and supports block renewal negotiations with carrier partners in alignment with each client’s overall benefits strategy. • Serves as the SoCal leader for stop loss strategy.

Role Description The Third Party Risk Management (TPRM) Lead is responsible for designing, implementing, and operating an enterprise-wide Third Party Risk Management framework. This role leads the transformation of the current vendor onboarding and oversight process into a structured, scalable, and risk-based TPRM program aligned with regulatory expectations and organizational risk appetite. The TPRM Lead partners cross-functionally with Information Security, Privacy, Legal, IT, and Business stakeholders to ensure third-party risks are appropriately identified, assessed, monitored, and mitigated throughout the vendor lifecycle. - Lead and administer the global Third Party/vendor review program, including risk rating of new vendors, managing the end-to-end onboarding process, and conducting annual reviews of existing material and high-risk vendors. - Implement formal Third Party Risk Management framework aligned with industry standards and best practices. - Establish procedures covering: - Vendor onboarding - Ongoing monitoring - Vendor offboarding - Organize and maintain centralized repositories for relevant Third-Party Risk and metrics documents. - Establish and maintain a centralized vendor inventory with risk classification and ownership tracking. - Review and redesign vendor onboarding workflows and intake questionnaires. - Ensure onboarding requirements align with: - Information Security requirements - Privacy and data protection requirements - Regulatory and compliance expectations - Develop and implement standardized vendor risk assessment questionnaires. - Define minimum evidence and documentation requirements, including certifications, control attestations, and security documentation. - Establish review, escalation, and approval workflows for vendor assessments. - Perform specialized reviews with Information Security and Privacy teams, including technical assessments and Data Protection Impact Assessment (DPIA) where required. - Design and implement a structured vendor monitoring and annual review program. - Track vendor risk posture over time and ensure timely reassessments and remediation follow-up. - Support customer due diligence processes and reduce repetitive inbound security questionnaires through centralized documentation. - Assess and integrate evolving regulatory requirements impacting third-party risk management, including EU AI Act considerations where applicable. - Ensure AI-related vendor risks are identified and addressed within the TPRM framework. - Monitor emerging regulatory, technology, and operational risks relevant to vendor management practices. - Lead remediation and reduction of existing vendor review and alerts using a risk-based prioritization approach. - Serve as the primary point of contact for third-party risk management matters across the organization. - Develop and maintain TPRM metrics, dashboards, and reporting capabilities. - Provide regular reporting and program updates for Risk & Compliance leadership. - Partner with Legal to ensure that Non-Disclosure Agreements (NDAs) are properly executed where required. - Serve as the primary point of contact for Third Party adverse media escalations (Perform Level 2 disposition). - Support internal audits, external audits/certifications (i.e. SOC2, ISO27001), customer due diligence, and certification activities. - Help identify and lead initiatives to ensure that compliance activities throughout the organization are effective and in compliance with SOC2 and ISO27001. - Assist with generating responses to Client Due Diligence requests. - Assist with the execution of compliance related activities such as our Business Continuity/Disaster Recovery exercises, risk matrix reviews, incident response tabletops, etc. - Perform analysis of software to ensure compliance with IP rights. - Support broader compliance activities as needed. Qualifications - 3–5 years of experience in Third Party Risk Management, Vendor Management, Information Security, Compliance, Risk, Audit, Privacy, or related operational function. - Experience supporting vendor onboarding, risk assessments, compliance reviews, privacy reviews, or governance processes. - Ability to coordinate cross-functional activities involving Information Security, Privacy, Legal, and Business stakeholders. - Experience reviewing vendor documentation such as SOC 2 reports, security questionnaires, certifications, privacy documentation, or compliance evidence is preferred. - Familiarity with privacy and data protection requirements impacting third-party risk management, including GDPR concepts, DPIAs, and data processing considerations. - Strong analytical and problem-solving skills with attention to detail. - Effective written and verbal communication skills, including the ability to communicate risk, privacy, and process requirements clearly to stakeholders. - Experience working with governance, risk, compliance, procurement, ticketing, or vendor management tools (e.g., JIRA) is preferred. - Ability to support process improvement initiatives and help implement scalable governance practices. - Relevant certifications such as CIPP/E, Security+, ISO 27001 Foundations, CISA, CRISC, or similar are a plus. Benefits - Minimum salary: 14,166 PLN gross/month - Comprehensive private medical healthcare - Remote work options subject to the type of position or project - The option to join a group private insurance plan (subject to a fee) - MyBenefit Cafeteria including Multisport - Annual discretionary bonus, subject to both company performance and individual contribution - Employee Assistance Program (EAP) - Access to goFLUENT language learning platform