Description

The Technical Security Analyst will work on Technical Security team as a member of the wider North America RISO team. The technical team provides security guidance and advisory services to other IT stakeholders, focusing on project security and security related improvements to IT and business. The role reports directly to the Head of Technical Security NA, responsible for leading the regional technical security team. Key responsibilities for the role include providing security advice to regional IT projects in Chubb’s SDLC, security assessments for changes, reporting and metrics, and CIO support.

Required Skills:

Application Security 

Well versed in application security principles, practices, and standards. Familiar with OSWASP Top 10 Working knowledge of CI/CD pipelines, automation, and methods to secure. Knowledge of integrating authentication and authorization processes with applications Experience with interpreting results of vulnerability management tools, including SAST/DAST/SCA/IAST/Infra Vulnerability Scans, and advising with remediation.

Network Security

Understanding of Network security principles and best practices Knowledge of secure protocols, network security tools Ability to analyze network connectivity requests to see if they are secure The importance of a DMZ, and 3 tier architecture Understanding the importance and difference of different firewall technologies

Identity and Access Management

Explanation of different authentication methods Understanding of Privileged Access Management Can show the importance of segregation of duties and explain what it is Verifying employees are following proper authentication standards 

Data Security

Ability to explain the concept of data classification and what controls are needed depending on the classification Understand how and when data needs to be encrypted/protected both in transit and at rest Has experience with security best practices with different types of database technologies Knows the difference between ALE, TDE, FLE and tokenization Understands best practices around database authentication

Reporting and Automation

Gathering, understanding, and presenting security metrics. Experience working with BI tools (Qlik preferred). Experience with automating business processes (Power Automate preferred).

Communications

Strong verbal and written communication skills to articulate security concepts to technical and non-technical stakeholders. Demonstrated ability to work collaboratively with cross-functional teams, including other security functions and business units. Ability to provide awareness on application security concepts for developers and other staff.

 

 

Additional Skills

Proactive attitude towards learning and staying current with security trends and emerging threats. Understanding of application security principles and various types of testing that typically  Understanding of program/application/system from all angles of security, providing assurance that these application/programs/systems are following all of Chubb’s Security standards. 

Key Responsibilities

Security assessments of IT and Business projects following a defined SDLC, such as Agile. Participate in Agile projects as the security representative, driving good practice through consultancy. Senior stakeholder management of cybersecurity related escalations and GIS priorities Manage control exemptions/remediations identified through projects. Provide technical security guidance where required. Implement and monitor standards with regional\outsourced IT and Development. Collaborate and guide IT and Business units, to correct non-compliant processes. Identify gaps in technical security policy and process, help develop standards and processes. Provide security oversight of IT delivery processes. Assist strategic global and regional security project deployment within NA. Provide metrics for relevant areas of responsibility when required.

 

Bachelor’s Degree from an accredited college or university in Information Security, Information Technology, Computer Science, or a related technical degree At least 5-10 years’ IT experience, working in a technical discipline.  At least 5-10 years’ working experience of security technologies. At least 5-10 years’ experience working in a technical role, with exposure to senior management. Good knowledge of security technology, with proven ability to apply knowledge to use case. Excellent communication skills, ability to explain technical issues to mixed audience ranging from technical to business, project management to leadership. Knowledge of project lifecycles, with working experience of Agile, Waterfall and CI/CD project methodologies Good understanding of IT technologies such as networking, servers, IOT etc. Demonstrated ability to understand and analyze complex business processes and technologies to make sound recommendations to constituents. Experience interpreting and applying information security standards and frameworks (e.g., ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework, etc.) Knowledge of securing cloud platforms and applications.

The pay range for the role is $85,400 to $135,600. The specific offer will depend on an applicant’s skills and other factors. This role may also be eligible to participate in a discretionary annual incentive program.  Chubb offers a comprehensive benefits package, more details on which can be found on our careers website.  The disclosed pay range estimate may be adjusted for the applicable geographic differential for the location in which the position is filled.