AVP, IT Compliance

This position is responsible for the management, oversight, and continued maturation of Chubb’s North America Technology SOX Compliance program. This role ensures adherence to all applicable controls and provides leadership in the continued refinement of controls. The role-holder will be a trusted, critical partner to key business stakeholders and Internal Audit and External Audit teams. 

 

Responsibilities

Lead the design, implementation and monitoring of IT General Controls (ITGCs), IT Applications Controls (ITACs) and Software Development lifecycle (SDLC) requirements to ensure SOX compliance across the North America region Analyze global results and identify opportunities for continuous improvement of the global SOX control environment Partner and negotiate with internal, external, and regulatory auditors on scope/depth/risks/results of technology audits Drive the remediation of control deficiencies identified by the auditors to ensure the appropriate the root cause and the action plan is defined Understand and assess new processes and technologies (e.g., DevSecOps, cloud controls, large language models and other AI) and provide control guidance for new areas Communicate effectively across a large range of audiences, including executives Demonstrate cultural sensitivity while working across global boundaries 10+ years of increasing leadership experience across enterprise technology management: application development, information security, strategic planning, risk management, compliance monitoring, project management, operations and/or auditing7+ years of relevant IT Auditing experience with a public accounting firm and/or publicly traded company Deep understanding IT Sarbanes-Oxley compliance requirements including IT general controls and IT Application controls Demonstrated leadership competencies including business acumen, influence, inclusive team leadership, ownership, and integrity/courageB.S. or Masters in relevant field of studyDesired Certifications: Certified information systems security professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk, Information Security Controls (CRISC) and Certified Information Systems Auditor (CISA)