Cbsm / IT Security Grc Manager

Work Experience

**Core IT Sec GRC Domains**:
**Governance & Oversight**:
Oversee current programs (I.e. SOX, Risk assessments, risk profiles, iso, global and or regional strategic projects/tasks, etc).
Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.
Coordinate periodic metrics follow up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.
Managing of regional cyber security catalog.

**Control Framework**:
Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.
Develop and implement procedures and processes supporting Chubb IT Security and compliance policies, control objectives.
Produce, document and maintain IT policies and internal controls at various level of the organization in relation to the IT landscape.
Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.

**RIsk Management**:
Proactively identify and assess of on-going and emerging IT risks, challenges and process gaps through periodic internal management risk assessments
Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize the efficiency and effectiveness

**IT Control Monitoring and Testing**:
Proactively identify control gaps.
Remediation monitoring and tracking to ensure issues and risks are mitigated timely.
Collaborate with IT to validate and verify audit findings and/or deficiencies.
Facilitate audit and assessments scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.
On-going monitoring and testing of controls to ensure adherence to risk requirements.
Support the oversight and governance over subservice IT hosting provider(s)

**Communication**:
Proactively identify control gaps.
Remediation monitoring and tracking to ensure issues and risks are mitigated timely.
Collaborate with IT to validate and verify audit findings and/or deficiencies.
Facilitate audit and assessments scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.
On-going monitoring and testing of controls to ensure adherence to risk requirements.
Support the oversight and governance over subservice IT hosting provider(s)

**Training and Education**:
Help on coordinate IT security related training for the IT community and key stake holders on current and new security best practices.
Contribute to IT Security Training Course development.

**Special projects and initiatives**:
Collaborate with Global Information Security on new global initiatives.
Coordinate COG and Global projects and activities at the region.
Perform quality control analysis over the outcomes of IT security projects and initiatives executed at the region.

**Requirements for the role**:
Reports to the regional GRC Head.
In-depth understanding of information security standards, best practices and governance, risk and compliance.
Collaborative with the ability to influence without authority and have impact.
Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.
Demonstrates sense of prioritization, urgency and a high-degree of initiative and professional judgment.
Being adaptative in highly changing and ambiguous environments.

**Desired Qualifications**:
Desirable CISA, CISSP, CISM or CRISC - either currently possess the certification or working towards completing the certification.
Project management experience. PMP certification a plus.
BS in a computer science, management information systems or related field.
IT Security Audit experience a plus.
Desirable Information Security risk management framework experience.