Info Security & IT Compliance - Multi Disc -Prof 2 (338761)
Chubb Global Information Security is looking for a dynamic individual to manage the Third-Party Cyber Risk (TPCR) program in North America, lead the Global Third-Party Due Diligence team and act as the Cloud Governance Lead to support our global Third-Party Risk Management initiatives at Chubb. This individual will provide support to the following teams:
Third-Party Cyber Risk (North America): Program lead for the evaluation of information risk associated with third-party service providers leveraged by Chubb. Execute a risk-based approach in the evaluation processes for each engagement to protect Chubb’s reputation, financial well-being, and ability to meet business objectives and regulatory obligations.
Third-Party Risk Due Diligence: Control and manage the risks presented by Chubb’s engagement with third-party providers. Coordination with business partners in Procurement, Privacy Office, Global TPCR, Physical Security, Records Management and the vendor owner from the Chubb business line will be necessary to track that contingent approval actions have been addressed.
Cloud Governance Committee: Coordinate and moderate Chubb's Cloud Governance Committee (CGC) meetings. This will involve joining with individuals from multiple departments to help evaluate the risk of third-party providers who leverage cloud infrastructure for delivering services to Chubb. Each engagement is evaluated to ensure alignment with Chubb's cloud security control standards and to provide solutions to assist in the ability to meet business objectives.
This role requires an individual who can work confidently within a matrixed corporate environment across multiple regions. In addition, the individual must be flexible and demonstrate the ability to translate fairly abstract goals and objectives into a tangible work plan with deliverables and milestones according to a fixed schedule. The individual must be comfortable creating project plans and managing associated risk and change for multiple projects simultaneously within the project lifecycle. In addition, this individual must have strong Excel skills and experience working with SaaS-based tools.
This position will present multiple opportunities to offer creative solutions to complex business problems within the scope of Chubb’s third-party risk management oversight program and to work collaboratively with stakeholder and internal customer teams across Chubb.
- Manage Third-Party Cyber Risk program in North America
- Support Chubb’s Third-Party Due Diligence function by collaborating on the solution framework, associated processes and supporting tools to manage third-party risk across Chubb’s supply base
- Coordinate with business partners in Procurement, Privacy Office, TPCR, Physical Security, Records Management and the vendor owner from the Chubb business line to track that contingent approval actions have been addressed
- Support the operation of the due diligence function for all new third parties
- Assist in developing and maintaining working relationships with counterparts in Procurement, Legal, Internal Audit, Compliance, Finance, Information Security, Infrastructure and other stakeholders to implement vendor qualification, risk assessment and reporting policies and mitigation measures
- Manage reporting and metrics tracking solution for the Third-Party Due Diligence Program
- Ensure the Third-Party Due Diligence Program’s processes are consistent with related policies, including Chubb’s Global Third-Party policy
- Lead and record minutes for all new cloud initiatives presented during Cloud Governance meetings
- Act as a primary point of reference for Cloud Governance inquiries submitted by Chubb stakeholders
- Communicate to Chubb internal stakeholders the results of Cloud Governance reviews
- Document and continuously track Cloud Governance review results
- Generate monthly metrics for presentation to Chubb Senior Management
- Coordinate with internal Chubb stakeholders to ensure Cloud Governance contingent approval actions have been properly addressed