Apply on Employer Site

Chubb · 12 hours ago

Third Party Risk Analyst

Philadelphia, PA

Full-time

Onsite

Senior Level

5+ years exp

Chubb is a world leader in insurance, providing diverse insurance products globally. The Third Party Risk Analyst will manage Third-Party Risk across the organization, conducting assessments focused on Cyber Security, AI, and Compliance, while collaborating with various teams to enhance risk management initiatives.

Commercial InsuranceFinancial ServicesHealth InsuranceInsuranceMortgageRisk Management

Responsibilities

Lead and complete Chubb’s inherent risk ranking for all suppliers, ensuring full compliance with the Global Third-Party Cyber Risk policy; collaborate closely with the Global Third-Party team and Business Relationship Owners

Conduct risk assessments for Cloud and AI providers

Identify, track, and resolve issues and control deficiencies related to third parties; coordinate with business owners to drive remediation activities

Maintain and update the Information Security Third Party Inventory and Issues Register, aligning with the Enterprise Risk Management strategy

Perform and deliver Third Party Cyber Risk assessments initiated by the business

Execute, manage, and oversee Third Party assessments to ensure compliance with applicable SLAs

Review and evaluate information security policies, standards, guidelines, and baselines, both existing and in development

Support internal security reporting, including preparing materials for steering committees and senior management updates

Manage Third-Party related information security projects

Develop and enhance the program, advancing current and future improvements to increase effectiveness and efficiency

Support the TPCR Regional Lead and actively engage with the broader Information Security team

Qualification

Third-party risk managementInformation securityRisk assessmentsComplianceCybersecurity frameworksEGRC systemsBusiness acumenAnalytical skillsDecision-makingCommunication skills

Required

Demonstrates advanced business acumen, ideally within regulated or financial sectors

Possesses over five years of specialized experience in information security, focusing on risk assessments, controls, governance, risk management, program development, compliance, and auditing; proven track record in supporting or managing third-party risk assessment programs is required

Holds expert-level proficiency in both business and technical domains of information security, including third-party security risk and European data protection regulations

Skilled in analyzing complex business processes and technologies, with the ability to provide clear, actionable recommendations to non-technical stakeholders

Brings a robust technical foundation across distributed systems, mainframe environments, databases, and web-based application development

Excels in risk-based analysis and decision-making

Experienced in interpreting and applying information security standards and frameworks (such as ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework) and attestation reports (such as SOC 1/2)