Bangkok, Thailand
10 days ago
Chubb Life: IT Governance and Security Manager

Job Overview:

We are looking for an IT Governance and Security Manager to drive IT and data governance and security initiatives. This role requires a blend of program management, engineering, policy, and negotiation skills. Your job will be to both influence our team and ensure it complies with industry/company standards and regulatory requirements. You will also create and execute initiatives to enhance security policies, procedures, and controls with the goal of bolstering our company’s cyber resilience. The IT Governance and Security Manager will collaborate closely with local and global IT teams, as well as legal, compliance, data management, auditing, and various business units, to maintain secure and compliant IT systems.

About Our Team

Chubb, an internationally recognized global provider of insurance products, specializes in property and casualty, accident and health, reinsurance, and life insurance. Chubb Life Thailand operates the company’s life insurance business in the Thailand market, an important and growing part of Chubb’s APAC portfolio.

We are building a dynamic tech team that will drive the future of insurance. Our primary goal is to create a seamless connection between customers, agents, and partners across the entire insurance product lifecycle. We pride ourselves in being a flat organization that places immense value on innovative ideas, technical expertise, attention to detail, and personal initiative. If you're thrilled by this prospect, we’d love to hear from you!

 

Responsibilities:

1. Cybersecurity & Risk Management

Design and implement a cybersecurity strategy that aligns with the organization's overall business objectives. Conduct regular security risk assessments, vulnerability assessments, and penetration testing to evaluate the organization’s cyber defenses; subsequently, develop and implement security risk mitigation strategies and programs. Lead and coordinate response efforts in the event of security incidents, overseeing investigation, mitigation, and post-incident analysis.

2. Compliance & Regulatory Management

Ensure adherence to relevant laws, regulations, and standards (e.g., PDPA). Implement and lead initiatives for security and compliance audit certifications, including ISO 27001, NIST, the Cyber Resilience Assessment Framework (C-RAF), and other applicable standards and best practices. Recommend, implement, and manage continuous monitoring of IT security systems and tools. Collaborate with legal and data protection teams to establish policies and safeguards for sensitive and personal data.

3. IT Governance

Establish and maintain an IT governance framework, policies, and processes that align with the organization’s business goals while ensuring compliance with legal, regulatory, corporate, and industry requirements. Work in partnership with management, legal, finance, and external auditors to promote transparency and alignment in governance practices. Generate and present reports on IT governance performance, compliance status, and the risk landscape to stakeholders.

4. Data Governance

Develop and implement data governance policies that ensure data quality, security, and compliance. Manage the data lifecycle, align data strategies with business objectives, and collaborate with cross-functional teams to enhance data integrity. Oversee data stewardship, regulatory compliance, and provide best practices for data management to support effective decision-making.

5. Team Leadership and Development

Lead and mentor a small team of IT governance, compliance, and security professionals. Foster a culture of continuous improvement and knowledge sharing within the team and across business units.

Requirements:

Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field. A minimum of 5 years of experience in IT governance, cybersecurity, and compliance, with at least 2 years in a managerial role. Strong understanding of IT governance frameworks (e.g., ITIL, COBIT), cybersecurity standards (e.g., ISO 27001, NIST), and regulatory requirements (e.g., PDPA). Possession of basic IT governance and cybersecurity certifications (e.g., CISSP, CISM) is advantageous. Proficient in common technical team/project management tools (e.g., JIRA, Asana, GitHub). Collaborative team player with strong interpersonal skills, capable of working effectively with both internal and external teams. Working-level fluency in English and Thai. English proficiency equivalent to IELTS 5.5, CEFR B2, or TOEFL 72; excellent spoken and written communication to work effectively with a global management team. Familiarity with local regulatory bodies (e.g., OIC, SEC, BOT) is a plus. Experience in the insurance industry will be an added advantage.

 
