IT Security Governance Engineer - Tech Mahindra Garza Garcia, Nuevo León, Mexico Bookmark Share Print 164 0 0

Listing Description

This position's location is only in Nuevo Leon, Mexico, due to client requirement to assist in a hybrid WFH scheme (2 at home and 3 at the office), so, it is NOT a remote role.


IT Security GRC Manager.


Core IT Sec GRC Domains.


Governance & Oversight

  • Oversee current programs (I.e. SOX, Risk assessments, risk profiles, iso, global and or regional strategic projects/tasks, etc).

  • Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.

  • Coordinate periodic metrics follow up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.

  • Managing of regional cyber security catalog.


Control Framework

  • Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.

  • Develop and implement procedures and processes supporting Chubb IT Security and compliance policies, control objectives.

  • Produce, document and maintain IT policies and internal controls at various level of the organization in relation to the IT landscape.

  • Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.

  • Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb IT Security, Privacy, Risk and Compliance standards, requirements and expectations, testing/audit process and risk management.


Risk Management

  • Proactively identify and assess of on-going and emerging IT risks, challenges and process gaps through periodic internal management risk assessment

  • Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize the efficiency and effectiveness


IT Control Monitoring and Testing

  • Proactively identify control gaps.

  • Remediation monitoring and tracking to ensure issues and risks are mitigated timely.

  • Collaborate with IT to validate and verify audit findings and/or deficiencies.

  • Facilitate audit and assessments scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.

  • On-going monitoring and testing of controls to ensure adherence to risk requirements.

  • Support the oversight and governance over subservice IT hosting provider(s)



  • Serve as the central communication point between the regional security organization and key stakeholders.

  • Provide timely status reporting on current audit statuses, issues, control deficiencies, remediation tracking, ongoing assessments, pen-tests and overall health of the IT environment.

  • Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb Security, Privacy, Risk and Compliance standards.


Training & Education

  • Help on coordinate IT security related training for the IT community and key stake holders on current and new security best practices.

  • Contribute to IT Security Training Course development.


Special projects and initiatives

  • Collaborate with Global Information Security on new global initiatives.

  • Coordinate COG and Global projects and activities at the region.

  • Perform quality control analysis over the outcomes of IT security projects and initiatives executed at the region.


Requirements for the role

  • Reports to the regional GRC Head.

  • In-depth understanding of information security standards, best practices and governance, risk and compliance.

  • Knowledge of Chubb IT operating environments including computer operating systems, databases, and core financial applications

  • Collaborative with the ability to influence without authority and have impact.

  • Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.

  • Demonstrates sense of prioritization, urgency and a high-degree of initiative and professional judgment.

  • Being adaptative in highly changing and ambiguous environments.


Desired Qualifications

  • Desirable CISA, CISSP, CISM or CRISC – either currently possess the certification or working towards completing the certification.

  • Project management experience. PMP certification a plus.

  • BS in a computer science, management information systems or related field.

  • IT Security Audit experience a plus.

  • Desirable Information Security risk management framework experience.

Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided


  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided

About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765