
Global Head of DevOps Services

Chubb
18 hours ago
Full-time
On-site
Jersey City, New Jersey, United States
Description

Global Head of DevSecOps

Position Overview

Chubb is seeking an exceptional leader to build and scale our DevSecOps function globally. You'll own the intersection of security, reliability, and developer velocity—architecting automation and enforcement mechanisms that make security invisible to developers while maintaining absolute control and visibility. This is a hands-on technical leadership role for someone who codes, influences, and drives organizational transformation.

You'll report directly to the Global Head of Engineering and own the strategic vision for security automation, deployment verification, compliance enforcement, and developer enablement across Chubb's engineering organization. You need to be well versed in AI-enabled software engineering and agentic AI DevSecOps design, deployment and operations. 

Key Responsibilities

Automation & Enforcement

  • Design and implement foundational DevSecOps platforms that automate security policy enforcement across CI/CD pipelines, infrastructure-as-code, container registries, and deployment systems
  • Build verification systems that provide real-time evidence of compliance, vulnerability remediation, and security posture—eliminating manual audits
  • Establish automation-first culture: every security control must be code-driven, testable, and self-service
  • Lead technical architecture decisions for secrets management, supply chain security, and artifact signing
  • AI-native software engineering expert

 

Developer Experience

  • Make security frictionless: design tools and workflows so developers want to follow security practices
  • Own the "shift left" strategy—move security testing, scanning, and validation to local development and early CI stages
  • Build dashboards, APIs, and CLIs that give developers transparency into their security posture without overwhelming them
  • Champion zero-friction onboarding: new engineers should inherit secure defaults with minimal training

 

Hands-On Technical Leadership

  • Code regularly in your areas of leverage 
  • Pair with teams on high-impact automation projects; stay in the trenches on the hardest technical problems
  • Own critical-path infrastructure: build and maintain your team's CI/CD platforms, secrets systems, and policy engines
  • Drive incident response for security and reliability issues; be the expert responder, not just the director

 

Organizational Influence & Change

  • Partner with engineering leaders to shift security ownership: security is not a gate, it's engineering culture
  • Communicate transparently about risk, tradeoffs, and implementation status—especially when timelines slip or priorities conflict
  • Enforce standards without being perceived as a blocker; design policies that developers will adopt voluntarily
  • Build a high-impact, lean team (likely 8–15 leads) that punches well above its weight

 

Compliance & Risk

  • Own the evidence and documentation for SOC 2, ISO 27001, and regulatory audits—automate away manual compliance work
  • Drive continuous verification of security controls; eliminate the painful spring audits
  • Partner with Enterprise Risk and Legal on policy, but ensure the technical implementation is sound

 

What We're Looking For

Technical Chops

  • 12+ years of software engineering and DevOps experience; 5+ years building or scaling security/compliance automation at significant scale (100+ engineers)
  • Strong coding skills across multiple languages; comfortable shipping production code and debugging in production
  • Deep hands-on knowledge of: Kubernetes/container orchestration, CI/CD systems (GitHub Actions, Jenkins, Ansible are a must), policy-as-code (OPA), infrastructure-as-code, secrets management
  • Experience designing and owning high-availability, high-observability systems that must earn trust

 

Leadership & Influence

  • Proven track record of building and scaling engineering teams through hiring, mentorship, and technical direction
  • Ability to influence without authority: cross-functional alignment with product, infra, and risk teams
  • Comfort in ambiguity; can prioritize ruthlessly and say "no" to protect team capacity
  • Track record of driving organizational change in security/compliance without friction

 

Mindset

  • Automation obsessive: if it's done manually more than twice, it's a problem
  • Transparency and directness: you communicate bad news early, explain tradeoffs, and own mistakes
  • Developer-first thinking: you remember what it's like to be blocked by security and you solve for that
  • Learning hunger: security and DevOps evolve constantly; you stay sharp and drive continuous improvement


Qualifications

  • 5+ years in DevSecOps, platform engineering, or security engineering roles at scale (100+ engineers)
  • Production experience with Kubernetes and container security
  • Hands-on experience with policy-as-code, scanning (SAST, DAST, SCA), and secrets management
  • Experience designing and communicating compliance/audit evidence to non-technical stakeholders
  • Bachelor's degree in Computer Science, Engineering, or equivalent professional experience

 

Preferred

  • Experience in a regulated industry (financial services, healthcare, insurance)
  • Background in incident response or security operations
  • Open source contributions in DevSecOps or infrastructure tooling
  • Familiarity with zero-trust architecture or advanced threat detection
  • Familiarity with financial services compliance (SOC 2, PCI, NIST)

What Success Looks Like (Year 1)

  • Security scan and policy checks are fully automated in all CI/CD pipelines; zero manual approval gates
  • Developer experience surveys show <10% friction with security tooling (vs. typical 40%+)
  • Compliance evidence is generated automatically; audit preparation time reduced by 80%
  • Team of 5–8 engineers hired and onboarded; clear technical roadmap for next 18 months
  • Zero critical security incidents that could have been prevented by automation
 

Location

Global role with flexibility on location; primary hub preferred to be New Jersey, Philly or India. 

The pay range for the role is $240,000 to $280,000. The specific offer will depend on an applicant’s skills and other factors. This role may also be eligible to participate in a discretionary annual incentive program. Chubb offers a comprehensive benefits package, more details on which can be found on our careers website. The disclosed pay range estimate may be adjusted for the applicable geographic differential for the location in which the position is filled.