Senior Technical Security Specialist, APAC

Chubb

IT
Malaysia
Posted on Nov 18, 2025

The purpose of this role is to ensure that IT systems and projects undergoing change are secure by design, build, and implementation. The ideal candidate will play a critical role in embedding security principles throughout the project lifecycle, ensuring compliance with organizational Global Information Security policies, industry standards, and regulatory requirements. This role requires a deep understanding of security architecture, risk management, and secure development practices, as well as the ability to collaborate with cross-functional teams to deliver secure IT solutions.

Key Responsibilities:

  • Collaborate with project teams / squads to ensure security requirements are integrated into the planning and design phases of IT systems.
  • Perform security reviews of technical designs, configurations, and implementations to identify and address cybersecurity risks.
  • Conduct threat modeling and risk assessments to identify potential vulnerabilities and recommend mitigations.
  • Ensure all IT changes and projects follow established security governance processes, including risk assessments and approvals.
  • Collaborate with Change Advisory Boards (CAB) to ensure security considerations are addressed before changes are approved.
  • Maintain documentation and knowledge base of security assessments, decisions, and actions taken during the project lifecycle.
  • Act as the primary security advisor for IT projects, working closely with project managers, architects, developers, and other Global Information Security stakeholders.
  • Contribute to the development and enhancement of security policies, standards, and guidelines.


  • Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).
  • 7+ years of experience in information security, with a focus on secure design, architecture, and implementation.
  • Strong knowledge of security frameworks and standards (e.g., ISO 27001, NIST, PCI DSS, OWASP).
  • Experience conducting threat modeling, risk assessments, and security reviews.
  • Proficiency in secure development practices, including secure coding, encryption, and vulnerability management.
  • Familiarity with IT change management processes and governance frameworks.
  • Strong analytical and problem-solving skills, with the ability to assess complex technical environments.
  • Excellent communication and interpersonal skills, with the ability to influence and collaborate with diverse stakeholders.
  • Relevant certifications such as CISSP, CISM, CEH, or SABSA.
  • Experience with cloud security (e.g., AWS, Azure, GCP) and DevSecOps practices.
  • Experience working in Agile or DevOps environments.