Listing Description
This position is located only in Nuevo Leon, Mexico, because the client requires attendance under a hybrid WFH scheme (2 days at home and 3 at the office); it is NOT a remote role.
IT Security GRC Manager
Core IT Sec GRC Domains
Governance & Oversight
- Oversee current programs (e.g. SOX, risk assessments, risk profiles, ISO, global and/or regional strategic projects/tasks, etc.).
- Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.
- Coordinate periodic metrics follow up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.
- Manage the regional cyber security catalog.
Control Framework
- Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.
- Develop and implement procedures and processes supporting Chubb IT Security and compliance policies and control objectives.
- Produce, document and maintain IT policies and internal controls at various levels of the organization in relation to the IT landscape.
- Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.
- Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb IT Security, Privacy, Risk and Compliance standards, requirements and expectations, testing/audit process and risk management.
Risk Management
- Proactively identify and assess ongoing and emerging IT risks, challenges and process gaps through periodic internal management risk assessments.
- Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize efficiency and effectiveness.
IT Control Monitoring and Testing
- Proactively identify control gaps.
- Monitor and track remediation to ensure issues and risks are mitigated in a timely manner.
- Collaborate with IT to validate and verify audit findings and/or deficiencies.
- Facilitate audit and assessments scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.
- On-going monitoring and testing of controls to ensure adherence to risk requirements.
- Support the oversight and governance of subservice IT hosting provider(s).
Communication
- Serve as the central communication point between the regional security organization and key stakeholders.
- Provide timely status reporting on current audit statuses, issues, control deficiencies, remediation tracking, ongoing assessments, pen-tests and overall health of the IT environment.
- Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb Security, Privacy, Risk and Compliance standards.
Training & Education
- Help coordinate IT security-related training for the IT community and key stakeholders on current and new security best practices.
- Contribute to IT Security Training Course development.
Special projects and initiatives
- Collaborate with Global Information Security on new global initiatives.
- Coordinate COG and Global projects and activities in the region.
- Perform quality control analysis of the outcomes of IT security projects and initiatives executed in the region.
Requirements for the role
- Reports to the regional GRC Head.
- In-depth understanding of information security standards, best practices and governance, risk and compliance.
- Knowledge of Chubb IT operating environments, including computer operating systems, databases, and core financial applications.
- Collaborative with the ability to influence without authority and have impact.
- Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.
- Demonstrates a sense of prioritization and urgency and a high degree of initiative and professional judgment.
- Adaptable in rapidly changing and ambiguous environments.
Desired Qualifications
- CISA, CISSP, CISM or CRISC desirable; either currently holds the certification or is working towards completing it.
- Project management experience. PMP certification a plus.
- BS in computer science, management information systems or a related field.
- IT Security Audit experience a plus.
- Information Security risk management framework experience desirable.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided