Review global policies and standards with APAC Technology stakeholders, as well as provide consolidated feedback and/or clarification to policy owners.
Collate and prepare reports to Chubb senior management regarding adherence to Chubb's minimum technology and security controls, IT risks, IT audit findings, and remediation plans.
Drive the execution of Technology Risk Management framework, ensuring effective implementation of risk policies and procedures across regional technology functions.
Prepare and develop technology risk insights (such as IT audit thematic and trend analysis) to be presented at APAC Technology Risk Management Committee.
Improve the existing technology processes, risks and control taxonomies based on internal policies and standards, regional regulatory requirements, industry standards and best practices.
Engage and collaborate with technology stakeholders to proactively identify risks at a detailed and technical level and ensure that IT is effectively driving remediation activities and to continuously improve IT risk posture.
Maintain and improve the issue register to ensure timely remediation of issues and meaningful reporting to management.
Facilitate and manage stakeholder self-assessment initiatives to identify controls gaps.
Facilitate the development and implementation of the Risk Appetite and Tolerance framework, working with senior leadership to define risk boundaries and embed them into decision-making processes.
Establish and monitor Key Risk Indicators (KRIs) to enable ongoing risk monitoring, trend analysis, and early detection of emerging risks across Business, Geographical and Corporate units
Gather and consolidate gaps identified and present to the management with a risk lens.
Perform thematic review or risk assessment of areas requested by management.
Accountable for managing regional internal and external reviews/audits from audit planning (such as request for information (RFI), opening meeting, etc.), fieldwork (such as RFI, issue discussion, etc.), to reporting and closing meeting.
Responsible for monitoring and validating the closure of management actions, arising from internal and external reviews/audits, including regulator inspection reviews.
Approve major system enhancements from a risk and compliance perspective.
Act as the ambassador of risk culture.
Role Requirements
Require strong relationship building with all layers of the organisation and the ability to influence and affect change with commercial acumen.
Knowledge of regulatory compliance requirements across the region, as well as international standards such as PCI, SOX, ISO27001, OWASP and NIST.
Knowledge of common IT technologies (OS, databases, network devices, applications).
Experience in leading programs for proactively identifying risk exposure and potential non-compliant areas.
Superior verbal and written communication and presentation skills, strong interpersonal skills and the ability to work independently.
Collaborative with the ability to influence without authority and have impact.
Demonstrates sense of urgency and a high degree of initiative and professional judgment.
Strong excel and power point skills.
Eager to learn new and varied systems.
Service focused, analytical and detail oriented.
Qualifications
CISA, CISSP, CISM, or CRISC (currently possess the certification or working towards completing the certification).
A Degree in fields such as Computer Science, Information Systems, and Engineering or equivalent work experience.
Risk Management, Compliance or IT Audit experience.
Minimum 8 years of Technology Risk Management experience in a large organisation, preferably in a multi-national company.
