Overview
Information Security Manager - Controls Assurance
Chubb is the world's largest publicly traded property and casualty insurer. With operations in 54 countries and approximately 30,000 employees worldwide, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients across multinational corporations and small to mid-size businesses.
The company is distinguished by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength, underwriting excellence, superior claims handling expertise and local operations globally.
Are you passionate about working for the world's largest property & casualty insurer with excellent employee benefits and offices in 54 countries? If so, then we would love to hear from you!
The purpose of this role is to continue to develop an effective control assurance programme suitable for the organisation which will enable the Information Security function to identify, test and report on relevant controls which mitigate cyber risk. This includes reviewing prioritised Critical/High risk controls on a regular basis, supporting the EMEA Information Security Team by reporting and detailing control gaps and failings or providing assurance that controls are effective and working appropriately.
There will need to be close co-ordination with the other roles within the Cyber Risk and Assurance team as well as the technical members of the EMEA Information Security team. These relationships will help the prioritisation of control testing, using the asset control register to both identify the areas of focus and as a repository for reporting any control weaknesses once controls are assessed.
This role will be responsible for managing the cycle of assessments, the review process and procedure, and co-ordination and communication with the business and relevant functions, and ultimately for reporting on the control environment posture for the region. This will also include the tracking of control status and any policy exemptions.
KEY RESPONSIBILITIES:
- Build upon the foundation and develop the current Control Assurance programme for the Chubb EMEA region, utilising the latest control library and risk assessment programmes and incorporating into the wider enterprise risk framework.
- Principal point of contact for assessing existing controls and identifying remediation opportunities to improve controls where they are not effective. This includes highlighting any areas for control efficiency and improvement.
- Responsible for ensuring controls are commensurate to the organisational risk appetite and meet any relevant regulatory and international security requirements. It is the responsibility of this role to highlight and notify the risk management team of any gaps, ineffective controls or failure to meet regulatory standards.
- Produce reports on current control status, areas of concern, prioritisation of control focus and plan and prepare assessments for forthcoming review. This includes residual risks, policy exemptions, vulnerabilities and potential exposures. Recommendations for remedial actions should be included.
- To have awareness of the Information Security asset control register (ACR) to ensure that controls are appropriate to manage any identified issues.
- Consideration should be made of standards such as NIST, ISO27001, PCI-DSS, COBIT and assessment of the potential to utilise these within the organisation to develop the control framework moving forward.
- This role will be encouraged to inform and guide the deployment of technical, administrative and physical controls to meet the security requirements of the organisation.
- To work within the Risk & Assurance team to help develop strategy and plans to address residual risk within the organisation.
- Supporting annual review of the Security policies, standards, procedures and guidelines from a control risk perspective.
KNOWLEDGE & EXPERIENCE
- Experience as an information security professional working within industry, with proven experience developing, implementing, maintaining and leading an effective information security control assurance programme.
- Experience using a number of industry recognised information security frameworks.
- Strong stakeholder management skills, including technical members of staff and senior executives, including stakeholder negotiation and influencing.
- Experience performing security risk assessments and controls assurance activities.
- Experience assessing requirements against legal, regulatory and policy-control frameworks.
- Expert knowledge of the General Data Protection Regulation.
- Proven ability to understand and analyse complex business processes and technologies to make sound recommendations to non-technical constituents.
- Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (e.g., SOC 1/2).
- Use and knowledge of Governance, Risk and Compliance Platforms.
- Experience working in transformation or continual improvement programmes.
- Experience within the insurance industry or financial services preferred.
- Bachelor's degree or equivalent work experience.
- Certification such as CISM, CISA, CRISC, CCSP, CISSP or CIPP is a plus.
INTEGRITY. CLIENT FOCUS. RESPECT. EXCELLENCE. TEAMWORK
Our core values decide how we live and work. We're an ethical and honest company that's wholly committed to its clients. A business that's engaged in mutual trust and respect for its employees and partners. A place where colleagues perform at the highest levels. And a working environment that's collaborative and encouraging.
Diversity & Inclusion. At Chubb we consider our people our chief competitive advantage and as such we treat colleagues, candidates, clients, and business partners with equality, fairness and respect, regardless of their age, disability, race, religion or belief, gender, sexual orientation, marital status or family circumstances.
Work Location: London - Leadenhall
Job Function: Information Technology
Employment Type: