AnitaB.org Talent Network

Third Party Risk Analyst

Chubb

IT
Philadelphia, PA, USA
Posted on Jan 17, 2026

In this role, you will drive the management of Third-Party Risk across the Chubb organization. Your primary responsibilities include conducting in-depth third-party control assessments focused on Cyber Security, Artificial Intelligence (AI), Privacy, Business Continuity, Physical Security, and Compliance. Leveraging advanced AI-driven solutions, you will perform initial control assessment reviews, enabling you to proactively and efficiently identify emerging risks. You will be accountable for identifying and tracking control issues through to remediation, maintaining a current and accurate third-party inventory, and compiling regional monthly metrics for executive management. Excelling in these areas will position you to contribute to strategic initiatives that strengthen and advance Chubb’s third-party risk management program, directly impacting the organization’s cybersecurity posture.

In this role, you will:

  • Lead and complete Chubb’s inherent risk ranking for all suppliers, ensuring full compliance with the Global Third-Party Cyber Risk policy; collaborate closely with the Global Third-Party team and Business Relationship Owners
  • Conduct risk assessments for Cloud and AI providers
  • Identify, track, and resolve issues and control deficiencies related to third parties; coordinate with business owners to drive remediation activities
  • Maintain and update the Information Security Third Party Inventory and Issues Register, aligning with the Enterprise Risk Management strategy
  • Perform and deliver Third Party Cyber Risk assessments initiated by the business
  • Execute, manage, and oversee Third Party assessments to ensure compliance with applicable SLAs
  • Review and evaluate information security policies, standards, guidelines, and baselines, both existing and in development
  • Support internal security reporting, including preparing materials for steering committees and senior management updates
  • Manage Third-Party related information security projects
  • Develop and enhance the program, advancing current and future improvements to increase effectiveness and efficiency
  • Support the TPCR Regional Lead and actively engage with the broader Information Security team

Chubb is a world leader in insurance. With operations in 54 countries, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance, and life insurance to a diverse group of clients. The company is distinguished by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength, underwriting excellence, superior claims handling expertise and local operations globally.

At Chubb, we are committed to equal employment opportunity and compliance with all laws and regulations pertaining to it. Our policy is to provide employment, training, compensation, promotion, and other conditions or opportunities of employment, without regard to race, color, religious creed, sex, gender, gender identity, gender expression, sexual orientation, marital status, national origin, ancestry, mental and physical disability, medical condition, genetic information, military and veteran status, age, and pregnancy or any other characteristic protected by law. Performance and qualifications are the only basis upon which we hire, assign, promote, compensate, develop and retain employees. Chubb prohibits all unlawful discrimination, harassment and retaliation against any individual who reports discrimination or harassment.

  • Demonstrates advanced business acumen, ideally within regulated or financial sectors
  • Possesses over five years of specialized experience in information security, focusing on risk assessments, controls, governance, risk management, program development, compliance, and auditing; a proven track record in supporting or managing third-party risk assessment programs is required
  • Holds expert-level proficiency in both business and technical domains of information security, including third-party security risk and European data protection regulations
  • Skilled in analyzing complex business processes and technologies, with the ability to provide clear, actionable recommendations to non-technical stakeholders
  • Brings a robust technical foundation across distributed systems, mainframe environments, databases, and web-based application development
  • Excels in risk-based analysis and decision-making
  • Experienced in interpreting and applying information security standards and frameworks (such as ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework) and attestation reports (such as SOC 1/2)
  • Experience with eGRC systems or similar system administration is highly advantageous