IT Security Governance Engineer - Tech Mahindra, Garza Garcia, Nuevo León, Mexico

Listing Description

This position is located only in Nuevo Leon, Mexico, because the client requires attendance under a hybrid WFH scheme (2 at home and 3 at the office), so it is NOT a remote role.


 


IT Security GRC Manager.


 


Core IT Sec GRC Domains.


 


Governance & Oversight



  • Oversee current programs (e.g. SOX, risk assessments, risk profiles, ISO, global and/or regional strategic projects/tasks, etc.).

  • Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.

  • Coordinate periodic metrics follow up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.

  • Manage the regional cyber security catalog.


 


Control Framework



  • Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.

  • Develop and implement procedures and processes supporting Chubb IT Security and compliance policies and control objectives.

  • Produce, document and maintain IT policies and internal controls at various levels of the organization in relation to the IT landscape.

  • Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.

  • Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb IT Security, Privacy, Risk and Compliance standards, requirements and expectations, testing/audit process and risk management.


 


Risk Management



  • Proactively identify and assess ongoing and emerging IT risks, challenges and process gaps through periodic internal management risk assessment.

  • Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize efficiency and effectiveness.


 


IT Control Monitoring and Testing



  • Proactively identify control gaps.

  • Monitor and track remediation to ensure issues and risks are mitigated in a timely manner.

  • Collaborate with IT to validate and verify audit findings and/or deficiencies.

  • Facilitate audit and assessment scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.

  • Ongoing monitoring and testing of controls to ensure adherence to risk requirements.

  • Support the oversight and governance over subservice IT hosting provider(s).


 


Communication



  • Serve as the central communication point between the regional security organization and key stakeholders.

  • Provide timely status reporting on current audit statuses, issues, control deficiencies, remediation tracking, ongoing assessments, pen-tests and overall health of the IT environment.

  • Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb Security, Privacy, Risk and Compliance standards.


 


Training & Education



  • Help coordinate IT security-related training for the IT community and key stakeholders on current and new security best practices.

  • Contribute to IT Security Training Course development.


 


Special projects and initiatives



  • Collaborate with Global Information Security on new global initiatives.

  • Coordinate COG and Global projects and activities in the region.

  • Perform quality control analysis over the outcomes of IT security projects and initiatives executed in the region.


 


Requirements for the role



  • Reports to the regional GRC Head.

  • In-depth understanding of information security standards, best practices and governance, risk and compliance.

  • Knowledge of Chubb IT operating environments including computer operating systems, databases, and core financial applications.

  • Collaborative with the ability to influence without authority and have impact.

  • Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.

  • Demonstrates a sense of prioritization, urgency and a high degree of initiative and professional judgment.

  • Adaptable in highly changing and ambiguous environments.


 


Desired Qualifications



  • Desirable CISA, CISSP, CISM or CRISC – either currently possess the certification or working towards completing the certification.

  • Project management experience. PMP certification a plus.

  • BS in computer science, management information systems or a related field.

  • IT Security Audit experience a plus.

  • Desirable Information Security risk management framework experience.


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided
