Information Security Analyst 

Role Purpose:

This role is positioned within the EMEA Cyber Risk & Assurance tower of the Regional Information Security team. It reports directly to the EMEA Head of Cyber Risk & Assurance (CRA) who ultimately reports to the Regional Information Security Officer. 

The main purpose of this role is to assist the objectives and activities of the CRA tower in particular managing Issues and Policy Exceptions of non-compliance with our security policies, control assurance initiatives and reporting to different governance forums. 

This role will require technical knowledge of information security, the ability to build and manage strong relationships with the business, drive independently or under limited supervision objectives under CRA, rationalise risk posture and gaps in key controls, as well as educate stakeholders about our processes, as well as overall security posture. 

The analyst should demonstrate their technical and analytical skills in those activities, and as such will own Chubb’s regional cyber responses providing clear, concise, and consistent Management Information that represent the regional security posture. 

The analyst will have the opportunity to contribute and work with Global teams, generating ideas that can simplify and enhance the efficacy of existing process (e.g., through automated mediums) and provide better standardisation across all regions.

Key Responsibilities:

Manage regional Security Issues and Policy Exceptions, working side to side with the Technical Tower and Issue Owners Provide guidance to the business on how to use InfoSec processes to enhance security posture Develop detailed country-level security posture information Support regional reporting to different governance forums Support assurance initiatives on key controls, identifying gaps, and rationalising the risk to the region, particularly in Identity & Access Management area Manage business relationships, creating awareness of security posture Provide additional support to the Global Cyber Risk & Assurance team where required

Experience: 

Applicants should have 2-5 years experience in cyber security or technology risk management  Knowledge of information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) or attestation reports (e.g., SOC 1/2)  Understanding of risk management process and principles. Proficient use of personal computers and Microsoft Office Suite  Ability to multitask and manage competing priorities  Excellent time management and organizational skills  Excellent interpersonal and conflict management skills  Excellent written and verbal communication skills 

Qualifications: 

Minimum Requirements: Completed a minimum of two years of study pursuing an Associates, Bachelors, or Master’s degree focusing in Information Technology or a STEM subject, and be on track to achieve a 2:1. Preferred courses include; Information Security, Information Technology, Computer Forensics, Ethical Hacking or other subjects related to information technology or information security. The candidate might have or might be interested in looking certifications such as from ISACA, SANS, ISC2 such as CompTIA, CISA, CRISC, CGEIT, GSEC, CISSP (Associate or full CISSP), SSCP or CGRC.