System Analyst

Key Responsibilities: What is the role accountable for and what are its key responsibilities? Describe the key result areas for this role specifically, rather than those for the team or role family where this role works.

Information Security Project /control and cyber risk profile improvement support:

• Supporting global, regional and country level cyber transformation projects, initiatives and ad-hoc activities to uplift, mature and align the APAC technology security control environment.

Manage and support Technical Security BaU:

• Manage and support Technical Security BaU activities as required (Security tools, solutions and processes, Regional IT & Infrastructure function liaison and alignment).
• Help ensure regional IT infrastructure integrates and compliments global security solutions, ensuring global requirements are met. 
• Keep up to date with global security technologies and tooling:
  • Ensure global alignment and support structure in line with Global CISO operating model for regions e.g. Anti-Virus, Firewall, DLP, IPS, PAM, Web Proxy.
  • Ensure Technology teams are engaging and alignment to central teams and functions.
  • Support local tools and requirements where the need arises ensuring compliance to Chubb policy and standards. 
• Conduct assessments of existing security operational processes and recommend changes to associated policies, standards, controls and procedures.
• Support assurance review over IT requested Firewall rule changes across the region ensuring challenge and oversight.

Vulnerability Management & Security testing assurance:

• Support regional Vulnerability management activities ensuring global aligned scanning and reporting services are embedded and consumed in the APAC region. 
• Support Security governance through regular meetings with APAC IT teams to highlight and maintain focus on regular resolution of Infrastructure related vulnerabilities.
• Work with Vulnerability management tooling to extract and produce ad-hoc reporting. Customise and share VMS reports to line of business in addition to base reporting where required.
• Maintain awareness of emerging vulnerabilities and, where appropriate, act to mitigate threats and remediate vulnerabilities.
• Support Security testing activities that may involve the APAC region (red teaming, purple teaming).
• Support and advise Technology teams from the Security perspective on penetration tests, and application scanning vulnerability findings, and review suggested remediations to ensure appropriateness and issue resolution.

Incident Management and Response:

• Support Regional and Global Information Security team to respond, analyse and support during a security incident and work closely with the local technology teams and IT system engineers as well as the Chubb SOC to resolve the incidents. 
• Participate in post-incident reporting and propose enhancement to the systems and IT infrastructure to close the security gaps. 
• Coordinate periodic testing of information security-specific processes, such as incident response plans.

Technical Security issues and Risk Remediation tracking: 

• Help the RISO team track and maintain a central view of technical security gaps and issues in the regional Issue register.
• Where required help ensure that risk remediation plans with relevant parties to achieve compliance with security requirements and mitigate identified risks to an acceptable level.

Regulatory compliance related assessment:

• Support the RISO in the assessment and response to technical cyber security related aspects highlighted notices, circulars and guidance’s arising from APAC regulators.  

Security Monitoring & reporting:

• Defines and documents relevant information security principles, practices and delivers timely reports on relevant information security metrics.
• Provide management with insights around the region in relation to Information Security matters.

Experience:  

Minimum of 5+ years’ hands-on, broad-based cyber security experience, preferably within some Financial Industry background:

• Good knowledge of security technology, with proven ability to apply knowledge to use case.
• Excellent communication skills, ability to explain technical issues to mixed audience ranging from technical to business, project management to leadership.
• Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, MAS, data privacy, Payment Card Industry).
• Good understanding of IT technologies such as networking, servers, IOT, security architecture / engineering for infrastructure and applications.
• Threat and vulnerability management – Infrastructure and application vulnerabilities assessment and analysis and tooling (Rapid 7 preferred).
• Symantec - Endpoint Threat Detection & Data Loss Prevention (DLP).
• Experience with incident detection and response, malware analysis, or Cyber forensics and security vulnerability remediation.
• Strong knowledge of networking and network security products, technologies, and protocols (i.e. Firewalls rules, proxies, anti-virus etc.).
• Penetration testing and Red and blue team methodology / support.

Experience producing, coordination and managing security reporting and metrics.

Qualifications:

• Bachelor’s degree in Computer science, Information Technology, Cyber Security or similar (Desired) or equivalent experience related in fields.
• Certified Information Systems Security Professional (CISSP), CISM and/or equivalent. (Desired)
• Languages: Spanish, Portuguese and English.

Knowledge of Financial Services industry with preference to Insurance Business experience (Desired)