Sr Cyber Risk and Assurance Specialist
Chubb
Working as part of the Regional Information Security Office reporting to the Regional Head of Cyber Risk & Assurance, the Sr Cyber Risk and Assurance Specialist will be responsible for supporting the day-to-day IT Security Governance, Risk and Compliance functions. The role will have primary responsibility for managing the team’s scorecard and ensuring projects and tasks are completed within expected timeframes and with appropriate quality, support the management of the regional security risks as well as the issues and policy exceptions portfolio, support stakeholder management and communications efforts, drive the execution of security awareness and training initiatives, perform threat modeling, risk assessments and security assessments as needed, and support the work of the Head of the CR&A function.
Qualifications
5+ years of experience in:
- Assessing/auditing compliance, and supporting the adoption/implementation of:
  - Security standards and best practices (ISO27001/2, NIST CSF, NIST SP 800-30, CIS CSC, COBIT, CMMC, or similar)
  - Security Risk Management standards (Octave, NIST 800-53, ISO27005, or equivalent)
  - Cloud security standards and best practices (CSA CCM)
  - Privacy standards (GDPR, NYPA/NYS PPPL, ISO 27701/27018, Brazil LFPD, Habeas Data frameworks, or similar)
- Excellent communication skills, written and verbal, in Spanish and English.
- Excellent technical and non-technical stakeholder management skills, including senior executives.
- Knowledge of project management frameworks such as PMI’s PMBOK.
- Knowledge of threat modeling and risk assessment methodologies.
- Extensive understanding of IT technologies such as networking, servers, virtualization (VM) technology, public cloud infrastructure, etc.
- Experience interpreting, adapting and applying information security standards and frameworks.
- Experience with IT Operations standards such as: ITIL, ISO/IEC 20001.
Responsibilities
- Support regional security risk management efforts, including: identifying, documenting and escalating cyber security risks, managing identified risks throughout their lifecycle and helping drive the development of risk elimination/mitigation strategies.
- Interact with global IT and business partners to escalate and adequately manage emerging threat sources and risks, new regulations, market / ecosystem trends and other changes in the regional landscape.
- Support the delivery of security assessments on processes, people and technology to ensure compliance with Chubb’s security baseline on an ongoing basis.
- Support the documentation and upkeep of the regional InfoSec organization’s operational processes to ensure adequate resiliency and business continuity as well as facilitating new employee onboarding.
- Support the regional InfoSec governance function by managing the practice scorecard, coordinating the work of the PM, driving the adoption of project management best practices by team members, and ensuring timely completion of tasks, projects and initiatives.