Cybersecurity Program Manager

The Cybersecurity Program Manager will work on the Chubb Canada IT team as a senior member dedicated to working with members of the wider Chubb RISO and Security Architecture teams. The Cybersecurity Program Manager will represent Canadian security initiatives, issues, and policy alignment to the RISO and Security Architects for discussion and resolution.  The successful candidate will own and manage security issues arising from network changes, vulnerability scanning, new security guidelines, new application build permit approvals, and other sources. This is a role with delivery accountabilities. 

• Participate in IT projects as the security representative, driving good practice through consultancy.
• Work with delivery Project Managers and technical teams to ensure security initiatives are delivered, and regularly report to senior management. 
• Senior stakeholder for management of cybersecurity-related escalations and Global Information Security priorities.
• Manage control exemptions/remediations identified through projects.
• Provide technical security guidance where required.
• Implement and monitor standards with regional\outsourced IT and Development.
• Collaborate and guide IT and Business units, to correct non-compliant processes.
• Identify gaps in technical security policy and process, and help develop standards and processes.
• Provide security oversight of IT delivery processes.
• Assist with strategic global and regional security project deployment within North America.
• Provide metrics for relevant areas of responsibility when required.
   

• Bachelor’s Degree from an accredited college or university in Information Security, Information Technology, Computer Science, or a related technical degree.
• At least 5 years’ working experience of security technologies.
• At least 3 years’ experience delivering on security initiatives, with exposure to senior management.
• Good knowledge of security technology, with proven ability to apply knowledge to a use case.
• Well-versed in application security principles, practices, and standards.
• Knowledge of authentication and authorization processes and technologies.
• Experience with interpreting results of security scanning tools, including SAST/DAST/SCA/IAST/Infra Vulnerability Scans, and advising on remediation.
• Excellent communication skills, ability to explain technical issues to a mixed audience ranging from technical to business, project management to leadership.
• Knowledge of project lifecycles, with working experience of Agile, Waterfall, and CI/CD project methodologies
• Good understanding of IT technologies such as networking, servers, firewalls, encryption, vulnerabilities, and other security-related domains.
• Demonstrated ability to understand and analyze complex technical security tools and processes to make sound recommendations on implementation and utilization.
• Knowledge of securing on-prem and cloud platforms and applications.