
Information Security Manager – APAC

Chubb.com

Office

Malaysia

Full Time

Purpose

Are you interested in spearheading cybersecurity excellence in a growing and diverse region? Chubb is seeking a seasoned Information Security Manager to lead our information security initiatives across multiple countries in the APAC region. This is a unique opportunity to make a significant impact by shaping the regional security culture and enabling the business to thrive securely.

As Information Security Manager, you will be responsible for safeguarding Chubb’s operations by leading the countries’ cybersecurity mandate, fostering a strong security culture, and ensuring compliance with security standards. This role covers a portfolio of multiple country businesses and requires strong relationship management and influencing skills, as well as in-depth security knowledge and an understanding of the regional cyber regulatory landscape.

The incumbent will be a senior member of the APAC RISO Information Security team, part of Global Information Security (GIS). 

The ability to drive and support the GIS agenda consistently across a growing, highly complex geography and diverse working culture is a critical success criterion for the role.

Strategy and Program Leadership 

  • Lead the information security program across assigned countries
  • Ensure implementation of CISO priorities owned by business CIOs & delivery teams, acting as escalation point
  • Embed security into business requirements
  • Provide transparency & insights to the GIS leadership on program deployment and security strategy requirements

Security Governance

  • Chair monthly meetings to review the GIS program status and risk exposure, and support the CIO & COO in driving the risk mitigation plan
  • Represent GIS in quarterly business reviews, enterprise risk management committees and country board meetings
  • Review risk and performance indicators and CIO scorecards, and act as escalation point to drive the risk to appetite

Transformation & Integration, M&A

  • Lead security planning and resourcing to scale and support business growth
  • Provide leadership and security expertise to business executives on integration programs and M&A activities

Issue and Exception Management

  • Review and challenge control deviations, perform risk assessments and provide remediation recommendations
  • Ensure new issues and exceptions align with the GIS Cyber Governance framework
  • Review and challenge issue remedial plans, engage owners for risk-based remediation and escalate overdue issues for rectification

Security Risk Assessment

  • Ensure new technology initiatives and changes are built with security by design in collaboration with security architecture and technical security teams
  • Provide security advisory support to help business and technology comply with GIS security policies and standards
  • Identify thematic and systematic security risks in business process, application and infrastructure
  • Perform risk assessments and provide recommendations for mitigation
  • Liaise with business and technology leadership to drive the remedial plan
  • Provide updates to GIS management on the remedial plan and progress

Stakeholder Management

  • Maintain effective relationships with senior business leaders and partners (CIO, COO, CRO, President, Business executives)
  • Influence executives to support cyber security risk management improvements
  • Raise awareness of Cyber threats, ensuring adequate coverage for business’ information security program

Regulatory, audit and client engagement

  • Identify cyber and information security requirements applicable to the Business in partnership with Legal & Compliance function
  • Perform gap assessment against new cyber regulations. Engage GIS domain SME as appropriate to define action plans
  • Lead audit, client and regulatory cyber engagements

Incident Response

  • Oversee, support and report on business security incidents in collaboration with Global SOC, the Privacy function, and the regional executive teams.

  • Bachelor’s degree in Computer Science, Information Systems, or a related field (preferred).
  • Professional certifications such as CISSP, CISM, or equivalent (preferred).
  • Familiarity with the insurance industry (preferred).
  • Extensive experience (10+ years) in information security, with expertise in implementing and leading security programs across geographic portfolios. 
  • Strong knowledge of industry standards and frameworks (e.g., ISO 27001, NIST CSF, ISF SoGP). 
  • Proven ability to influence senior stakeholders and align country, regional, and global security requirements. 
  • A self-starter with strong interpersonal skills and the ability to work independently and in a matrixed format. 
  • Strong verbal and written communication and presentation skills, including communicating technical information effectively to non-technical audiences.
  • Experience with APAC regulatory compliance requirements related to information and cybersecurity, including familiarity with regional frameworks, standards, and regulations.
  • Technical expertise in application security, infrastructure security, and vulnerability management. 


September 22, 2025
