Job Description
The Head of Technical Security will report directly to the Regional Information Security Officer, APAC.
The Head of Technical Security will be responsible for providing technical security guidance and leadership across the APAC Region. Key responsibilities include security assessments of applications, IT and business projects, infrastructure and application vulnerabilities, understanding the regional implementations of existing and new global security technologies, and supporting regional cyber security incidents in coordination with the Data Protection Officer and global teams. The successful candidate would be responsible for executing on strategies, policies and standards developed by APAC and Global leadership.
Key Responsibilities
Build, manage and develop a technical security team aligned to the Group and Regional Information Security model.
Manage the security assessment process of applications and infrastructure being driven by IT and Business projects.
- Confirm design and security meets leading practices, as well as Chubb's policies and standards ensuring issues are identified, remediated or managed through the exception process
- Provide oversight, approval and guidance to regional development teams, and provide security input for development process, where possible
- Drive regional IT process improvements with Infrastructure and Application Development teams to improve the remediation of infrastructure and application-level vulnerabilities.
- Implement standards and processes to manage the security configuration of all devices and support security-related change management activities in support of policies and standards
- Understand the APAC rollout of global security enablement projects, including interaction with Architecture, Infrastructure, and Development teams.
- Provide technical expertise and input, into new and existing, policies and standards based on regional regulatory requirements.
- Provide technical expertise and input to regional priorities, in line with global strategy. Keep up to date with global strategic direction.
- Support integration of regional IT infrastructure with global security solutions, ensuring global requirements are met. Keep up to date with global security technologies.
- Manage new security assessments, and recertifications, of applications, ensuring issues are identified, remediated or managed through the exception process
Qualifications/Requirements
QUALIFICATIONS
- Bachelor's Degree from an accredited college or university in Information Security, Information Technology, Computer Science, or a related technical degree
- At least 10 years IT experience, working in a technical discipline
- At least 10 years working experience of security technologies
- At least 5 years experience working in a senior technical role, with exposure to senior management and decision making
- Expert knowledge of security technology, with proven ability to apply knowledge to use case
- Excellent stakeholder management skills, including technical members of staff and senior executives, including stakeholder negotiation and influencing
- Knowledge of project lifecycles, with understanding of project lifecycle methodologies such as Agile, Waterfall and CI/CD
- Proven ability to follow, and implement incident management processes, managing stakeholders and organizing technical resources
- Experience with Identity & Access Management processes.
- Extensive understanding of IT technologies such as networking, servers, IOT etc.
- Extensive experience understanding application architectures and their security
- Detailed knowledge of securing cloud platforms and applications
- Demonstrated ability to understand and analyze complex business processes and technologies to make sound recommendations to constituents
- Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.)
Preferred Qualifications
- Experience within the insurance industry or financial services
