**This position is located only in Nuevo Leon, Mexico, due to a client requirement to attend under a hybrid WFH scheme (2 at home and 3 at the office), so it is NOT a remote role.**

**IT Security GRC Manager.**

Core IT Sec GRC Domains.

**Governance & Oversight**

- Oversee current programs (i.e., SOX, risk assessments, risk profiles, ISO, global and/or regional strategic projects/tasks, etc.).
- Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.
- Coordinate periodic metrics follow-up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.
- Manage the regional cyber security catalog.

**Control Framework**

- Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.
- Develop and implement procedures and processes supporting Chubb IT Security and compliance policies and control objectives.
- Produce, document and maintain IT policies and internal controls at various levels of the organization in relation to the IT landscape.
- Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.

**Risk Management**

- Proactively identify and assess ongoing and emerging IT risks, challenges and process gaps through periodic internal management risk assessments.
- Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize efficiency and effectiveness.

**IT Control Monitoring and Testing**

- Proactively identify control gaps.
- Monitor and track remediation to ensure issues and risks are mitigated in a timely manner.
- Collaborate with IT to validate and verify audit findings and/or deficiencies.
- Facilitate audit and assessment scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.
- Perform ongoing monitoring and testing of controls to ensure adherence to risk requirements.
- Support the oversight and governance over subservice IT hosting provider(s).

**Communication**

- Serve as the central communication point between the regional security organization and key stakeholders.
- Provide timely status reporting on current audit statuses, issues, control deficiencies, remediation tracking, ongoing assessments, pen-tests and overall health of the IT environment.

**Training & Education**

- Help coordinate IT security related training for the IT community and key stakeholders on current and new security best practices.
- Contribute to IT Security Training Course development.

**Special projects and initiatives**

- Collaborate with Global Information Security on new global initiatives.
- Coordinate COG and Global projects and activities at the region.
- Perform quality control analysis over the outcomes of IT security projects and initiatives executed at the region.