IT Security Governance Engineer

San Pedro Garza Garcia, Nuevo Leon, Mexico



This position is located only in Nuevo Leon, Mexico, due to a client requirement to attend under a hybrid WFH scheme (2 at home and 3 at the office), so it is NOT a remote role.


IT Security GRC Manager.


Core IT Sec GRC Domains.


Governance & Oversight

  • Oversee current programs (e.g. SOX, risk assessments, risk profiles, ISO, global and/or regional strategic projects/tasks, etc.).
  • Provide oversight and coordination of control executions to ensure IT policies and procedures are being followed.
  • Coordinate periodic metrics follow-up and reporting to key stakeholders to ensure accountability and ownership of projects/tasks.
  • Manage the regional cyber security catalog.


Control Framework

  • Evaluate the adequacy and effectiveness of internal controls as they relate to the design and operation of computer-based information systems.
  • Develop and implement procedures and processes supporting Chubb IT Security and compliance policies and control objectives.
  • Produce, document and maintain IT policies and internal controls at various levels of the organization in relation to the IT landscape.
  • Provide support and guidance over the development and implementation of controls and remediation actions based on practical solutions and sound risk management.
  • Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb IT Security, Privacy, Risk and Compliance standards, requirements and expectations, testing/audit process and risk management.


Risk Management

  • Proactively identify and assess ongoing and emerging IT risks, challenges and process gaps through periodic internal management risk assessment.
  • Analyze and prioritize areas of focus for mitigation, remediation or process improvement opportunities using a risk-based approach to maximize efficiency and effectiveness.


IT Control Monitoring and Testing

  • Proactively identify control gaps.
  • Monitor and track remediation to ensure issues and risks are mitigated in a timely manner.
  • Collaborate with IT to validate and verify audit findings and/or deficiencies.
  • Facilitate audit and assessment scoping, planning, pre-audit risk assessment and process walkthroughs during the audit process.
  • Ongoing monitoring and testing of controls to ensure adherence to risk requirements.
  • Support the oversight and governance over subservice IT hosting provider(s).



  • Serve as the central communication point between the regional security organization and key stakeholders.
  • Provide timely status reporting on current audit statuses, issues, control deficiencies, remediation tracking, ongoing assessments, pen-tests and overall health of the IT environment.
  • Provide subject matter expertise and consultative support to IT and business owners on the criticality of Chubb Security, Privacy, Risk and Compliance standards.


Training & Education

  • Help coordinate IT security-related training for the IT community and key stakeholders on current and new security best practices.
  • Contribute to IT Security Training Course development.


Special projects and initiatives

  • Collaborate with Global Information Security on new global initiatives.
  • Coordinate COG and Global projects and activities in the region.
  • Perform quality control analysis over the outcomes of IT security projects and initiatives executed in the region.


Requirements for the role

  • Reports to the regional GRC Head.
  • In-depth understanding of information security standards, best practices and governance, risk and compliance.
  • Knowledge of Chubb IT operating environments including computer operating systems, databases, and core financial applications.
  • Collaborative with the ability to influence without authority and have impact.
  • Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.
  • Demonstrates a sense of prioritization, urgency and a high degree of initiative and professional judgment.
  • Adaptable in highly changing and ambiguous environments.


Desired Qualifications

  • CISA, CISSP, CISM or CRISC desirable – either currently possessing the certification or working towards completing it.
  • Project management experience. PMP certification a plus.
  • BS in computer science, management information systems or a related field.
  • IT Security Audit experience a plus.
  • Desirable Information Security risk management framework experience.

If you apply for this opportunity, we will receive your resume, which contains personal data whose treatment has been authorized by its owner for Digital OnUs, S. de RL de CV (the "Company"). If you are not the owner of this information or have no relation whatsoever with the subjects treated in it, you are kindly requested not to make copies of it and/or its attached files and to delete it immediately, under the risk of being considered responsible for the unauthorized treatment of personal data in accordance with the Federal Law on Protection of Personal Data Held by Private Parties, its Regulations, and other applicable regulations. If you are the owner of personal data in possession of the Company and wish to obtain further information regarding the processing of your personal data or the exercise of your ARCO rights, please consult our integral privacy notice on the website


Tags: CISA CISM CISSP Compliance Computer Science CRISC Governance Monitoring Privacy Risk assessment Risk management

Perks/benefits: Career development

Region: North America
Country: Mexico