Third Party Risk Analyst
Company: Chubb
Location: Philadelphia
Posted on: April 2, 2026
Job Description:
In this role, you will drive the management of Third-Party Risk across the Chubb organization. Your primary responsibilities include conducting in-depth third-party control assessments focused on Cyber Security, Artificial Intelligence (AI), Privacy, Business Continuity, Physical Security, and Compliance. Leveraging advanced AI-driven solutions, you will perform initial control assessment reviews, enabling you to proactively and efficiently identify emerging risks. You will be accountable for identifying and tracking control issues through to remediation, maintaining a current and accurate third-party inventory, and compiling regional monthly metrics for executive management. Excelling in these areas will position you to contribute to strategic initiatives that strengthen and advance Chubb’s third-party risk management program, directly impacting the organization’s cybersecurity posture.

In this role, you will:
- Lead and complete Chubb’s inherent risk ranking for all suppliers, ensuring full compliance with the Global Third-Party Cyber Risk policy; collaborate closely with the Global Third-Party team and Business Relationship Owners
- Conduct risk assessments for Cloud and AI providers
- Identify, track, and resolve issues and control deficiencies related to third parties; coordinate with business owners to drive remediation activities
- Maintain and update the Information Security Third Party Inventory and Issues Register, aligning with the Enterprise Risk Management strategy
- Perform and deliver Third Party Cyber Risk assessments initiated by the business
- Execute, manage, and oversee Third Party assessments to ensure compliance with applicable SLAs
- Review and evaluate information security policies, standards, guidelines, and baselines, both existing and in development
- Support internal security reporting, including preparing materials for steering committees and senior management updates
- Manage Third-Party related information security projects
- Develop and enhance the program, advancing current and future improvements to increase effectiveness and efficiency
- Support the TPCR Regional Lead and actively engage with the broader Information Security team

Qualifications:
- Demonstrates advanced business acumen, ideally within regulated or financial sectors
- Possesses over five years of specialized experience in information security, focusing on risk assessments, controls, governance, risk management, program development, compliance, and auditing; proven track record in supporting or managing third-party risk assessment programs is required
- Holds expert-level proficiency in both business and technical domains of information security, including third-party security risk and European data protection regulations
- Skilled in analyzing complex business processes and technologies, with the ability to provide clear, actionable recommendations to non-technical stakeholders
- Brings a robust technical foundation across distributed systems, mainframe environments, databases, and web-based application development
- Excels in risk-based analysis and decision-making
- Experienced in interpreting and applying information security standards and frameworks (such as ISO/IEC 27001/27002, PCI-DSS, NIST Cybersecurity Framework) and attestation reports (such as SOC 1/2)
- Experience with eGRC systems or similar system administration is highly advantageous