Job Requirements

Core IT Security GRC Domains

Governance & Oversight
- Oversee current programs (i.e., SOX, risk assessments, risk profiles, ISO, global and/or regional strategic projects/tasks, etc.).
- Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.
- Coordinate periodic metrics follow-up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.
- Manage the regional cyber security catalog.

Control Framework
- Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.
- Develop and implement procedures and processes supporting Chubb IT Security and compliance policies and control objectives.
- Produce, document and maintain IT policies and internal controls at various levels of the organization in relation to the IT landscape.
- Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.

Risk Management
- Proactively identify and assess ongoing and emerging IT risks, challenges and process gaps through periodic internal management risk assessments.
- Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize efficiency and effectiveness.

IT Control Monitoring and Testing
- Proactively identify control gaps.
- Monitor and track remediation to ensure issues and risks are mitigated in a timely manner.
- Collaborate with IT to validate and verify audit findings and/or deficiencies.
- Facilitate audit and assessment scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.
- Monitor and test controls on an ongoing basis to ensure adherence to risk requirements.
- Support the oversight and governance over subservice IT hosting provider(s).

Communication
- Serve as the central communication point between the regional security organization and key stakeholders.
- Provide timely status reporting on current audit statuses, issues, control deficiencies, remediation tracking, ongoing assessments, pen-tests and overall health of the IT environment.

Training & Education
- Help coordinate IT security related training for the IT community and key stakeholders on current and new security best practices.
- Contribute to IT Security Training Course development.

Special projects and initiatives
- Collaborate with Global Information Security on new global initiatives.
- Coordinate COG and Global projects and activities at the region.
- Perform quality control analysis over the outcomes of IT security projects and initiatives executed at the region.

Work Experience

Requirements for the role
- Reports to the regional GRC Head.
- In-depth understanding of information security standards, best practices and governance, risk and compliance