Global Head Information Security Advisory
IT - Information Technology
Estimated Travel Percentage (%): Up to 25%
Relocation Provided: No
American International Group, Inc.
This executive is accountable for leading Information Security Advisory and Innovation functions at AIG and its affiliates. Security Advisory and Innovation includes the people, processes and technologies responsible for assessing the effectiveness of AIG's security systems and processes as well as providing security consulting to the business's developers, system design and engineering functions. As financial services delivery grows increasingly dependent on new technology platforms, and an increasing level of regulatory requirements demands additional risk management rigor, AIG must implement highly resilient, reliable and effective solutions that exceed performance standards found in financial services and other information-rich industries.
This position will be highly engaged with senior-level executives across AIG and throughout the financial services industry.
INTERNAL AIG RELATIONSHIPS
- AIG IT Executive Council
- CTO Office
- Internal Audit Services
- Physical Security
- Technology Risk Office
- Direct Reports & Staff
- Program Office Leadership
- Finance, Human Resources, Communications and IT Partners
- Business Partners
- Federal and State Regulatory Authorities
- Security Standards Forums
- External Financial Services Partners and Key Constituents
Under the direction of the Global Head of Assessments and Effectiveness the essential duties and responsibilities include, but are not limited to, the following:
- Overall accountability for developing a world class information security advisory and innovation function, with an initial focus on security of new technology platforms and emerging solution delivery methodologies such as DevOps, big data, cloud computing, application containers, workload orchestrators (such as Kubernetes, Mesos etc.) and mobile computing (inclusive of edge devices such as smart power strips in data centers, building management systems and network connected physical security systems). Activities include:
- Understanding the business processes and use cases that are being supported by these new technology paradigms
- Developing abuse cases and automating threat modeling activities
- Developing approaches to rapidly assess the risks posed by these emerging paradigms
- Evaluate, prototype and implement innovative security tools (such as RASP - Run Time Application Security Protection, application container-aware threat monitoring and attack prevention solutions) and services to support new technology platforms at AIG
- Modernize the existing security consulting function, including refreshing and standardizing the request intake process, defining measures and developing techniques for measuring customer satisfaction to aid in process improvement activities, standardizing customer experience and delivering on agreed-upon SLAs (service level agreements).
- Developing and executing on a cutting-edge strategy to scale SDL (Security Development Lifecycle) activities at AIG. SDL activities to include the software supply chain at AIG (inclusive of third-party vendor software libraries as well as open source libraries).
- Develop capabilities to periodically perform advanced threat simulation (red team - blue team) exercises. The purpose of these exercises is to mimic real-world threat actors and test the effectiveness of the information security capabilities within AIG.
- Oversee the analysis of business requirements and the subsequent interpretation into security requirements internally and externally.
- Establish credibility as a trusted advisor to stakeholders including customers, executives, peers, and employees.
- Provide guidance and direction on security topics to AIG businesses.
- Interacts with IT Sr. leaders, Business Sr. leaders and vendors to evaluate the security of solutions and offerings and communicates the risks associated with them.
- Responsible for testing the effectiveness of all security globally across all data centers and office locations.
- Provides R&D services to all of IT security as well as business lines that have cyber security as a part of their line of business (e.g., consumer-specific innovation projects)
- Ensures effectiveness of all security solutions, including those that reside in non-IT-managed locations
Build a high-performance team
- Develops and mentors staff and managers to achieve career goals and maintain leadership succession planning.
- Leads cross-functional teams to define objectives, strategies and domain performance metrics.
- Evaluates and utilizes outside consultants to support AIG's security capabilities.
COMPLIANCE AND INTEGRITY
· Models and reinforces ethical behavior in self and others in accordance with the Principles of Responsibility, adheres to organizational policies and guidelines, supports compliance initiatives, maintains confidences, admits mistakes, conducts business with honesty, shows consistency in words and actions, and follows through on commitments.
· Regional leaders are accountable for communication, implementation, enforcement, monitoring, and oversight of compliance policies and practices in their departments.
SHORT- AND LONG-TERM ACCOUNTABILITIES
· Strategic/Systems Thinking: Designs and refines organizational strategy (5+ years) tied to vision and based on Business Unit alignment, market differences, financial services and insurance industry.
· Customer Orientation: Sponsors key initiatives at the organizational level to enhance Information Security by delivering messages, pushing for change, providing resources, and generating excitement.
· Decisiveness: Uses understanding of key business goals and strategies to make decisions that address key business threats and opportunities.
· Communication: Consistently and persistently ensures that vision of AIG and Information Security is clearly communicated to key leaders and that they are able to help others translate the vision into action.
· Influence: Achieves long-term strategies by marshaling resources and successfully selling ideas to key leaders in IT, Business Units, Legal, HR, financial services industry, and community.
· Change Leadership: Takes proactive role by: (1) articulating a compelling vision of change; (2) anticipating and overcoming potential obstacles; and (3) bringing out conflicts among the leadership group for discussion and resolution.
· Partnership: Strategically partners with other AIG leaders. Sustains organizational partnerships during periods of change and adversity.
· Team Focus: Models collaboration in building plans and strategies to enhance organizational clarity. Adapts management style to enable optimal team performance.
· Results Orientation: Invests significant resources towards opportunities for radical improvement—setting standards for growth, quality, and service that assure AIG's place as the market leader.
· Confidence/Initiative: Acts on a 5+ year planning horizon and is willing to take action in the face of significant cost and/or uncertainty. Confronts AIG leaders honestly and directly when in disagreement.
· Reward/Recognition: Establishes and maintains a culture that values accomplishment and effort.
· Cultural Competence: Develops and supports long-range diversity initiatives that improve market penetration, enhance leadership makeup, and create a culture that values diversity.
· Develops Others: Promotes the visibility of current and future leaders and supports them in their development to ensure AIG's future leadership requirements are met.
· Personal Development: Keeps abreast of external environment and applies knowledge. Aligns personal development strategies with AIG performance improvement needs. Embraces executive feedback/coaching opportunities.
- Bachelor's degree in a related field (Business, Financial services, IT, Information Security, Computer Engineering, Computer Science, etc.); Master's preferred.
- 10 years of escalating managerial work experience in a highly diversified organization. 10+ years of increasing responsibility and work complexity to include progressive management roles in large, complex organizations.
- Demonstrated experience creating effective security strategies.
- Expert knowledge of existing and emerging attacks, and mitigation methods, with special focus on emerging technologies.
- Experience in a leadership position of a Big 4 consulting firm.
- AWS, Microsoft Azure, Cloud, Application Containers (inclusive of Orchestrators), Mobile and Big Data Security knowledge.
- Extensive knowledge of information security technologies, methods, standards, and processes.
- Knowledge of compliance, legal, internal / external audit & regulatory requirements.
- Strong expertise in the collaboration, facilitation and coordination of the mitigation of risks.
- Strong problem solving and program execution skills. Ability to prioritize and drive difficult decisions among business partners.
- Ability to solve very complex security issues that span legal, compliance and regulatory obligations across various lines of business and shared service areas of the company.
AIG CORE BEHAVIORS
· Focuses on the Customer
· Takes Accountability
· Drives for Results
· Communicates Effectively
· Champions Innovation and Change
· Develops Self/Others
AIG LEADERSHIP BEHAVIORS
· Thinks and Acts Strategically
· Exerts Influence
· Demonstrates Business Acumen
· Makes Effective Decisions
· Solves Problems through Planning and Analysis
· Leverages Technology
· Demonstrates Resource Stewardship
· Demonstrates Creativity
· Pays Attention to Detail
· Deals with Ambiguity
It has been and will continue to be the policy of American International Group, Inc., its subsidiaries and affiliates to be an Equal Opportunity Employer. We provide equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.
At AIG, we believe that diversity and inclusion are critical to our future and our mission - creating a foundation for a creative workplace that leads to innovation, growth, and profitability. Through a wide variety of programs and initiatives, we invest in each employee, seeking to ensure that our people are not only respected as individuals, but also truly valued for their unique perspectives.