Information Security Manager – APAC

Are you interested in spearheading cybersecurity excellence in a growth and diverse region? Chubb is seeking a seasoned Information Security Manager to lead our information security initiatives across multiple countries in the APAC region. This is a unique opportunity to make a significant impact by shaping the regional security culture and enabling business to thrive securely.

As Information Security Manager, you will be responsible for safeguarding Chubb’s operations by leading the countries cybersecurity mandate, fostering a strong security culture, and ensuring compliance with security standards. This role covers a portfolio of multiple country business and requires strong relationship management and influencing skill, as well as in-depth security knowledge and understanding of the regional cyber regulatory landscape.

The incumbent will be a senior member of the APAC RISO Information Security team, part of Global Information Security (GIS).

Ability to drive and support the GIS agenda consistently across a growing, highly complex geography and diverse working culture is critical success criteria for the role.

Lead the Information security program across assigned countries

Ensure implementation of CISO priorities owned by business CIOs & delivery teams, acting as escalation point

Embed security into business requirements

Provide transparency & insights to the GIS leadership on program deployment and security strategy requirements

Chair monthly meetings to review the GIS program status, risk exposure, and support CIO & COO to drive risk mitigation plan

Represent GIS in quarterly business reviews, enterprise risk management committees and country board meetings

Review risk and performance indicators, CIO scorecards and act as escalation point to drive the risk to appetite

Lead security planning and resourcing to scale and support business growth

Provide leadership and security expertise to Business executive on integration programs and M&A activities

Review and challenge control deviations, perform risk assessments and provide remediation recommendations

Ensure new issues and exceptions align with the GIS Cyber Governance framework

Review and challenge issue remedial plans, engage owners for risk-based remediation and escalate overdue issues for rectification

Ensure new technology initiatives and changes are built with security by design in collaboration with security architecture and technical security teams

Provide security advisory support to assist business and technology comply with GIS security policies and standards

Identify thematic and systematic security risks in business process, application and infrastructure

Perform risk assessment and provide recommendation for mitigation

Liaise with business and technology leadership to drive the remedial plan

Provide update to GIS management for the remedial plan and progress

Maintain effective relationships with senior business leaders and partners (CIO, COO, CRO, President, Business executives)

Influence executives to support cyber security risk management improvements

Raise awareness of Cyber threats, ensuring adequate coverage for business’ information security program

Identify cyber and information security requirements applicable to the Business in partnership with Legal & Compliance function

Perform gap assessment against new cyber regulations. Engage GIS domain SME as appropriate to define action plans

Lead audit, client and regulatory cyber engagements

Oversee, support and report on business security incidents in collaboration with Global SOC, the Privacy function, and the regional executive teams.

Bachelor’s degree in computer science, Information Systems, or a related field (preferred).

Professional certifications such as CISSP, CISM, or equivalent (preferred).

Familiarity with the insurance industry (preferred)

Extensive experience (10+ years) in information security, with expertise in implementing and leading security programs across geographic portfolios.

Strong knowledge of industry standards and frameworks (e.g., ISO 27001, NIST CSF, ISF SoGP).

Proven ability to influence senior stakeholders and align country, regional, and global security requirements.

A self-starter with strong interpersonal skills and the ability to work independently and in a matrixed format.

Strong verbal and written communication and presentation skills, including providing technical information effectively with non-technical audiences.

Experience with APAC regulatory compliance requirements related to information and cybersecurity, including familiarity with regional frameworks, standards, and regulations

Technical expertise in application security, infrastructure security, and vulnerability management.

• Job Identification 25804
• Job Schedule Full time
• Regular or Temporary Regular
• Job Category Info Security and IT Compliance
• Business Unit Malaysia
• Legal Employer Chubb Asia Pacific Pte. Ltd.