Philadelphia, PA
10 hours ago
Technical Security Analyst

Job Requisition – Technical Security Analyst

Chubb is the world’s largest and most profitable publicly traded insurer, with operations in 54 countries and a premier brand reputation. Chubb is distinguished by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength, risk expertise, underwriting discipline, service excellence, superior claims handling expertise, and local operations globally.

Description

The Technical Security Analyst will work on the Technical Security team as a member of the wider North America RISO team. The technical team provides security guidance and advisory services to other IT stakeholders, focusing on project security and security-related improvements to IT and business. The role reports directly to the Head of Technical Security NA, who is responsible for leading the regional technical security team. Key responsibilities for the role include providing security advice to regional IT projects in Chubb’s SDLC, security assessments for changes, reporting and metrics, and CIO support.

Required Skills

Application Security 

Well versed in application security principles, practices, and standards. Working knowledge of CI/CD pipelines, automation, and methods to secure them. Knowledge of authentication and authorization processes and technologies. Experience interpreting results of security scanning tools, including SAST/DAST/SCA/IAST/Infra Vulnerability Scans, and advising on remediation.

Reporting and Automation

Gathering, understanding, and presenting security metrics. Experience working with BI tools (Qlik preferred). Experience with automating business processes (Power Automate preferred).

Communications

Strong verbal and written communication skills to articulate security concepts to technical and non-technical stakeholders. Demonstrated ability to work collaboratively with cross-functional teams, including other security functions and business units. Ability to provide awareness on application security concepts for developers and other staff.

Additional Skills

Proactive attitude towards learning and staying current with security trends and emerging threats. Ability to adapt to a dynamic work environment and manage multiple tasks effectively.

 

Key Responsibilities

Security assessments of IT and Business projects following a defined SDLC, such as Agile. Participate in Agile projects as the security representative, driving good practice through consultancy. Senior stakeholder management of cybersecurity-related escalations and GIS priorities. Manage control exemptions/remediations identified through projects. Provide technical security guidance where required. Implement and monitor standards with regional/outsourced IT and Development. Collaborate with and guide IT and Business units to correct non-compliant processes. Identify gaps in technical security policy and process, and help develop standards and processes. Provide security oversight of IT delivery processes. Assist strategic global and regional security project deployment within NA. Provide metrics for relevant areas of responsibility when required.

 

Qualifications/Requirements

Bachelor’s Degree from an accredited college or university in Information Security, Information Technology, Computer Science, or a related technical degree. At least 3-5 years’ IT experience, working in a technical discipline. At least 3-5 years’ working experience of security technologies. At least 3-5 years’ experience working in a technical role, with exposure to senior management. Good knowledge of security technology, with proven ability to apply knowledge to use cases. Excellent communication skills, with the ability to explain technical issues to a mixed audience ranging from technical to business, project management to leadership. Knowledge of project lifecycles, with working experience of Agile, Waterfall and CI/CD project methodologies. Good understanding of IT technologies such as networking, servers, IoT, etc. Demonstrated ability to understand and analyze complex business processes and technologies to make sound recommendations to constituents. Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.). Knowledge of securing cloud platforms and applications.
