Information Security Specialist, North America

About the job

Job Description

The Information Security Specialist will be aligned under the Technical Information Security team tasked with assisting the Regional Information Security Officer (RISO) in the development, implementation, and maintenance of the global information security program across the NA region. This role will work closely with the NA regional technology infrastructure team and department IT teams, as well as Global Information Security functions (Security Operations, Security Design & Engineering, and Security Incident Response). This role will report to the NA Head of Technical Security.

The role will be expected to cover a broad range of specialist technical security-oriented tasks and duties; these will require practical knowledge and hands-on experience across all aspects of technical Information Security. The successful candidate will have demonstrated strong experience with cyber security governance, tools, processes and solutions.

Responsibilities

The incumbent will also demonstrate strong awareness and knowledge of current information security threats, challenges, concepts, and principles facing the Financial Services industry, as well as solid project management disciplines and communication skills. The ability to build trusted relationships across the NA Technology team, and to influence the securing of the organization, will be key. The ‘Information Security Specialist – NA’ will be responsible for supporting the following activities:

  • Enforce global Information Security policies, standards, and processes, and advise NA stakeholders on them.
  • Provide a supporting/governance role in Security BaU activities (Global Security initiatives, solutions and processes, Regional IT & Infrastructure function liaison and alignment).
  • Security Assurance governance and reporting (Vulnerability management governance & reporting).
  • Information Security Project related / continual improvement support (supporting cyber transformation projects and ad-hoc activities to uplift and mature the NA technology security control environment and visibility of gaps and weaknesses).
  • Provide management with insights around the region in relation to Information Security matters.

Qualifications

  • Information Security Project/control and cyber risk profile improvement support:
    • Supporting global, regional, and country level cyber transformation projects, initiatives and ad-hoc activities to uplift, mature and align the NA technology security control environment.

Manage And Support Technical Security BaU

  • Manage and support Technical Security BaU activities as required (Security solutions and processes, Regional IT & Infrastructure function liaison and alignment).
  • Help ensure regional IT infrastructure integrates with and complements global security solutions, ensuring global requirements are met.
  • Keep up to date with global security technologies and tooling:
    • Ensure global alignment and support structure in line with Global CISO operating model for regions e.g., Anti-Virus, Firewall, DLP, IPS, PAM, Web Proxy.
    • Ensure Technology teams are engaging and aligned with central teams and functions.
    • Support local tools and requirements where the need arises ensuring compliance to Chubb policy and standards.
  • Conduct assessments of existing security operational processes and recommend changes to associated policies, standards, controls, and procedures.
  • Support assurance review of IT-requested firewall rule changes across the region, ensuring challenge and oversight.

Vulnerability Management & Security Testing Assurance

  • Support regional Vulnerability management activities, ensuring globally aligned scanning and reporting services are embedded and consumed in the NA region.
  • Support Security governance through regular meetings with NA IT teams to highlight and maintain focus on regular resolution of Infrastructure related vulnerabilities.
  • Work with Vulnerability management tooling to extract and produce ad-hoc reporting. Customise and share VMS reports with lines of business in addition to base reporting where required.
  • Maintain awareness of emerging vulnerabilities and, where appropriate, act to mitigate threats and remediate vulnerabilities.
  • Support Security testing activities that may involve the NA region (red teaming, purple teaming).
  • Support and advise Technology teams from the Security perspective on penetration test and application scanning vulnerability findings, and review suggested remediations to ensure appropriateness and issue resolution.

Incident Management And Response

  • Support the Regional and Global Information Security teams in responding to and analysing security incidents, and work closely with the local technology teams and IT system engineers as well as the Chubb SOC to resolve the incidents.
  • Participate in post-incident reporting and propose enhancements to the systems and IT infrastructure to close the security gaps.
  • Coordinate periodic testing of information security-specific processes, such as incident response plans.

Technical Security Issues And Risk Remediation Tracking

  • Help the RISO team track and maintain a central view of technical security gaps and issues in the regional Issue register.
  • Where required, help ensure that risk remediation plans are in place with relevant parties to achieve compliance with security requirements and mitigate identified risks to an acceptable level.

Regulatory Compliance Related Assessment

  • Support the RISO in the assessment of and response to technical cyber security related aspects highlighted in notices, circulars and guidance arising from NA regulators.

Security Monitoring & Reporting

  • Define and document relevant information security principles and practices, and deliver timely reports on relevant information security metrics.
  • Provide management with insights around the region in relation to Information Security matters.

About Us

Chubb is a world leader in insurance. With operations in 54 countries, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance, and life insurance to a diverse group of clients. The company is distinguished by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength, underwriting excellence, superior claims handling expertise and local operations globally.

At Chubb, we are committed to equal employment opportunity and compliance with all laws and regulations pertaining to it. Our policy is to provide employment, training, compensation, promotion, and other conditions or opportunities of employment, without regard to race, color, religious creed, sex, gender, gender identity, gender expression, sexual orientation, marital status, national origin, ancestry, mental and physical disability, medical condition, genetic information, military and veteran status, age, and pregnancy or any other characteristic protected by law. Performance and qualifications are the only basis upon which we hire, assign, promote, compensate, develop and retain employees. Chubb prohibits all unlawful discrimination, harassment and retaliation against any individual who reports discrimination or harassment.
