Description
Job Overview:
We are looking for an IT Governance and Security Manager to drive IT and data governance and security initiatives. This role requires a blend of program management, engineering, policy, and negotiation skills. Your job will be to both influence and ensure that our team complies with industry/company standards and regulatory requirements. You will also create and execute initiatives to enhance security policies, procedures, and controls with the goal of bolstering our company's cyber resilience. The IT Governance and Security Manager will collaborate closely with local and global IT teams, as well as legal, compliance, data management, auditing, and various business units, to maintain secure and compliant IT systems.
About Our Team
Chubb, an internationally recognized global provider of insurance products, specializes in property and casualty, accident and health, reinsurance, and life insurance. Chubb Life Thailand operates the company's life insurance business in the Thailand market, an important and growing part of Chubb's APAC portfolio.
We are building a dynamic tech team that will drive the future of insurance. Our primary goal is to create a seamless connection between customers, agents, and partners across the entire insurance product lifecycle. We pride ourselves in being a flat organization that places immense value on innovative ideas, technical expertise, attention to detail, and personal initiative. If you're thrilled by this prospect, we'd love to hear from you!
Responsibilities:
1. Cybersecurity & Risk Management
- Design and implement a cybersecurity strategy that aligns with the organization's overall business objectives.
- Conduct regular security risk assessments, vulnerability assessments, and penetration testing to evaluate the organization's cyber defenses; subsequently develop and implement security risk mitigation strategies and programs.
- Lead and coordinate response efforts in the event of security incidents, overseeing investigation, mitigation, and post-incident analysis.
2. Compliance & Regulatory Management
- Ensure adherence to relevant laws, regulations, and standards (e.g., PDPA).
- Implement and lead initiatives for security and compliance audit certifications, including ISO 27001, NIST, the Cyber Resilience Assessment Framework (C-RAF), and other applicable standards and best practices.
- Recommend, implement, and manage continuous monitoring of IT security systems and tools.
- Collaborate with legal and data protection teams to establish policies and safeguards for sensitive and personal data.
3. IT Governance
- Establish and maintain an IT governance framework, policies, and processes that align with the organization's business goals while ensuring compliance with legal, regulatory, corporate, and industry requirements.
- Work in partnership with management, legal, finance, and external auditors to promote transparency and alignment in governance practices.
- Generate and present reports on IT governance performance, compliance status, and the risk landscape to stakeholders.
4. Data Governance
- Develop and implement data governance policies that ensure data quality, security, and compliance.
- Manage the data lifecycle, align data strategies with business objectives, and collaborate with cross-functional teams to enhance data integrity.
- Oversee data stewardship and regulatory compliance, and provide best practices for data management to support effective decision-making.
5. Team Leadership and Development
- Lead and mentor a small team of IT governance, compliance, and security professionals.
- Foster a culture of continuous improvement and knowledge sharing within the team and across business units.
Qualifications
Requirements:
- Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- A minimum of 5 years of experience in IT governance, cybersecurity, and compliance, with at least 2 years in a managerial role.
- Strong understanding of IT governance frameworks (e.g., ITIL, COBIT), cybersecurity standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., PDPA).
- Possession of basic IT governance and cybersecurity certifications (e.g., CISSP, CISM) is advantageous.
- Proficient in common technical team/project management tools (e.g., JIRA, Asana, GitHub). Collaborative team player with strong interpersonal skills, capable of working effectively with both internal and external teams.
- Working-level fluency in English and Thai. Proficient in English equivalent to IELTS 5.5, CEFR B2, or TOEFL 72; excellent spoken and written communication to effectively work with a global management team.
- Familiarity with local regulatory bodies (e.g., OIC, SEC, BOT) is a plus.
- Experience in the insurance industry will be an added advantage.
Required Experience:
Manager