The purpose of this role is to provide technical security assurance, guidance / various levels of stakeholder influence and direction across the APAC (Life) region, focusing on project lifecycle and security related improvements to IT\business process. This is a hands-on type of role, and the incumbent will be responsible/ownership for helping ensure and assure that what projects deliver is safe and secure, and compliant to our Information Security policy and standards. This role reports to the Head of Technical Security, primarily responsible for APAC Life but will also be a primary delegate in other areas that need leadership based on manager capacity/availability.

 

Responsibilities

Security assurance, assessments, advisory of Chubb Life IT and Business projects. Build Permit & Agile.  Security assurance, assessments, advisory of Chubb Life IT for BaU technical security matters, acting as the RISO TechSec lead to the APAC Life business. Participate in SDLC and Agile projects as the lead APAC Life lead RISO team security representative, driving good practice through consultancy and advice.  Monitor and advise on Security issue management identified through projects. Support Security issue escalations to RISO and GIS leadership helping frame and articulate technical security control gaps & weaknesses. Provide technical security advise guidance where required aligned to Chubbs Information Security policy, standards, and industry practice. Help support, implement, and monitor standards with regional\outsourced Life IT and Development Collaborate, guide, and influence Life IT and Business units, to correct non-compliant processes identified by security tools and processes, with a focus on local requirements where necessary. Identify gaps in technical security policy and process, help develop standards and processes. Assist and contribute to strategic, global, and regional security project plans and deployment within Life. Provide metrics and mechanism for gathering metrics for relevant areas of responsibility when required supporting Technical security and RISO Cyber governance requests and activities. Good knowledge working knowledge of securing applications managed in modern stacks such as CI/CD pipeline, Containers, and hybrid cloud / multicloud.  Proven ability to adapt to fast paced and changing environment and driving for positive outcomes. Excellent communication skills, ability to explain technical issues to mixed audience ranging from technical to business, project management to leadership Knowledge of project lifecycles, with working experience of Agile project methodology  Good understanding of Securing IT technologies such as networking, servers, IOT etc. Demonstrated ability to understand and analyse complex business processes and technologies to make sound recommendations to constituents  Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) Experience within the insurance industry or financial services preferred At least 5-10 years IT experience, working in a technical discipline  At least 5-10 years working experience of security technologies At least 5-10 years’ experience working in a technical managerial role, with exposure to senior management and decision making