Regional Information Security Specialist

Purpose:

The (RISO) Regional Information Security Specialist will have coverage accountability for a portfolio of assigned country businesses, where Chubb Life operates. The incumbent will be responsible for undertaking RISO governance, oversight and assurance activities across the assigned portfolio. Responsibilities include driving security management outcomes, building and maintaining a strong security aware culture, demonstrating support aligned to Chubb’s Global Information Security requirements. 

Focus will be on driving Cyber governance across assigned portfolio of countries and partnering closely with country Leaders to ensure adequate prioritisation and support for RISO activities. The incumbent will work closely with the APAC RISO functional areas, and the Global Information Security organisation. Strong relationship management and influencing skill is required, ability to partner with country Technology, Business, Operations is required to ensure RISO priorities and requirements are being appropriately managed and supported by in country teams.

This position will report to the APAC Life RISO. Collaboration and support to peer other RISO functions (Regional Technical Security, and Regional Cyber Governance is required. This role is not initially managing direct reports, but must be able to operate independently, and indirectly manage and influence others to support and achieve GIS outcomes across assigned portfolio.

Responsibilities:

• Support monitoring the effectiveness of the Chubb Global Information Security program across assigned countries and Business Units (portfolio) by undertaking RISO governance, oversight, and assurance activities.
• Establish and lead RISO governance meetings covering assigned countries, ensuring country teams understand and support GIS/RISO requirements, risk remediations, and key program activities.
• Support & manage monitoring of key RISO and GIS information security metrics, performance indicators to ensure cyber risk governance and resilience of assigned business units Cyber risk profile and security program.
• Govern and support oversight and management of Third-Party Information Risk Management (TPIRM) assurance and program activities for Country Geographic portfolio.
• Identify, manage, and monitor information security risks arising from projects, regulations, emerging threats and business activities impacting Country Geographic portfolio.
• Support local regulatory related inquiries and requests as the local leader for Cyber & Information Security ensuring regional and global stakeholder engagement and alignment.
• Oversee, monitor, and support appropriate corrective actions by BU Technology functions to secure identified network and application vulnerabilities across assigned Country Geographic portfolio.
• Review and influence the appropriateness of technology mitigation plans for Security assurance activities including penetration tests and vulnerability assessments and Red Teaming on assigned Country Geographic portfolio information systems and infrastructure.
• Manage and support RISO response to any information security incident in collaboration with key stakeholders for assigned geographic portfolio.
• Support RISO related Information security assessment & assurance activities in relation to assigned geographic portfolio operating environment, aligning to Information Security best practice and Chubb policies, standards, controls, and procedures. 
• Support global, regional and or local BU Chubb Program activities that impact Country Geographic portfolio employees such as Security Training/Awareness and Data Protection.
• Collaborate and partner with Country and regional Business, Data Protection & Privacy, Compliance and Legal, as well as the 2nd Line Risk in relation to Information & Cyber Security matters.
• Support RISO Technical Security and Cyber Risk & Assurance teams’ identification and governance of surety issue management, and policy exceptions.
• Support and coordinate information security related audits, regulatory reviews and requests, and partner interest in relation to the Chubb information security program, controls, and processes. 
• Maintain current knowledge on Cyber security threats, emerging trends, and industry practice.  

• 5+ years, hands-on, broad-based information security experience.
• Strong Information & Cyber security expertise with in-depth understanding of industry standards and practice: ISO 27000, NIST SP 800 / CSF, ISF SoGP.
• Previous experience in implementing and leading Information Security programs across geographic portfolios aligning country to region and global requirements.
• A self-starter with strong interpersonal skills and the ability to work independently and in a matrixed format, able to act as the team deputy when required.
• Experience working in large multinational organisations.
• Strong verbal and written communication and presentation skills, including providing technical information effectively with non-technical audiences.
• Strong ability to influence a variety of stakeholders in relation to Chubb’s GIS Program requirements including Country and Geographic Business Lines leadership and country Technology management.
• Experience taking a strong protect the organization first stance in relation to Information security and protection requirements. 
• Experience with Asia region related financial regulatory compliance for Information and Cyber security, including experience with cyber regulatory assessment framework in Hong Kong - HKMA C-RAF, HKIA GL20.
• Technical security expertise and understanding of cyber controls and processes.
• Threat and Vulnerability Management:  Security analysis and vulnerability assessment – Application scans, Security Patching & Vulnerability assessments.
• Ability to approach security problems and drive positive outcomes in relation to Application Security, Infrastructure Security, Vulnerability Management is critical.  
• The successful candidate will also need to be familiar with working effectively in AGILE, fast paced environments.
• Bachelor’s degree in Computer Science, Information Systems, Information Technology, or other related disciplines (Required).
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) and/or equivalent. (Required).
• Cybersecurity Fundamentals (CSX) certificate (Desired). 
• Knowledge of Insurance Business (Desired).