Cbsm - IT Security Governance Engineer

Job Requirements

Core IT Security GRC Domains.

Governance & Oversight
- Oversee current programs (I.e., SOX, Risk assessments, risk profiles, iso, global and or regional strategic projects/tasks, etc.).
- Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.
- Coordinate periodic metrics follow up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.
- Managing of regional cyber security catalog.

Control Framework
- Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.
- Develop and implement procedures and processes supporting Chubb IT Security and compliance policies, control objectives.
- Produce, document and maintain IT policies and internal controls at various level of the organization in relation to the IT landscape.
- Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.

Risk Management
- Proactively identify and assess of on-going and emerging IT risks, challenges and process gaps through periodic internal management risk assessments
- Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize the efficiency and effectiveness.

IT Control Monitoring and Testing
- Proactively identify control gaps.
- Remediation monitoring and tracking to ensure issues and risks are mitigated timely.
- Collaborate with IT to validate and verify audit findings and/or deficiencies.
- Facilitate audit and assessments scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.
- On-going monitoring and testing of controls to ensure adherence to risk requirements.
- Support the oversight and governance over subservice IT hosting provider(s)

Communication
- Serve as the central communication point between the regional security organization and key stakeholders.
- Provide timely status reporting on current audit statuses, issues, control deficiencies, remediation tracking, ongoing assessments, pen-tests and overall health of the IT environment.

Training & Education
- Help on coordinate IT security related training for the IT community and key stake holders on current and new security best practices.
- Contribute to IT Security Training Course development.

Special projects and initiatives
- Collaborate with Global Information Security on new global initiatives.
- Coordinate COG and Global projects and activities at the region.
- Perform quality control analysis over the outcomes of IT security projects and initiatives executed at the region.

Work Experience

Requirements for the role
- Reports to the regional GRC Head.
- In-depth understanding of information security standards, best practices and governance, risk and compliance.
- Collaborative with the ability to influence without authority and have impact.
- Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.
- Demonstrates sense of prioritization, urgency and a high degree of initiative and professional judgment.
- Being adaptative in highly changing and ambiguous environments.

Desired Qualifications
- Desirable CISA, CISSP, CISM or CRISC - either currently possess the certification or working towards completing the certification.
- Project management experience. PMP certification a plus.
- BS in a computer science, management information systems or related field.
- IT Security Audit experience a plus.
- Desirable Information Security risk management framework experience.