This executive is accountable for leading Information Security Advisory and Innovation functions at AIG and its affiliates. Security Advisory and Innovation includes the people, processes and technologies responsible for assessing the effectiveness of AIG’s security systems and processes as well as providing security consulting to the business’ developers, system design and engineering functions.
As financial services delivery grows increasingly dependent on new technology platforms, and an increasing level of regulatory requirements demand additional risk management rigor, AIG must implement highly resilient, reliable and effective solutions that exceed performance standards found in financial services and other information rich industries.
This position will be highly engaged with senior-level executives across AIG and throughout the financial services industry.
INTERNAL AIG RELATIONSHIPS
- AIG IT Executive Council
- CTO Office
- Internal Audit Services
- Physical Security
- Technology Risk Office
- Direct Reports & Staff
- Program Office Leadership
- Finance, Human Resources, Communications and IT Partners
- Business Partners
- Federal and State Regulatory Authorities
- Security Standards Forums
- External Financial Services Partners and Key Constituents
Under the direction of the Global Head of Assessments and Effectiveness, the essential duties and responsibilities include, but are not limited to, the following:
- Overall accountability for developing a world class information security advisory and innovation function, with an initial focus on security of new technology platforms and emerging solution delivery methodologies such as DevOps, big data, cloud computing, application containers, workload orchestrators (such as Kubernetes, Mesos etc.) and mobile computing (inclusive of edge devices such as smart power strips in data centers, building management systems and network connected physical security systems). Activities include:
- Understanding the business processes and use cases that are being supported by these new technology paradigms
- Developing abuse cases and automating threat modeling activities
- Developing approaches to rapidly assess the risks posed by these emerging paradigms
- Evaluate, prototype and implement innovative security tools (such as RASP – Run Time Application Security Protection, application container-aware threat monitoring and attack prevention solutions) and services to support new technology platforms at AIG
- Modernize the existing security consulting function, inclusive of refreshing and standardizing the request intake process, defining measures and developing techniques for measuring customer satisfaction to aid in process improvement activities, standardizing customer experience and delivering on agreed-upon SLAs (service level agreements).
- Developing and executing on a cutting edge strategy to scale SDL (Security Development Lifecycle) activities at AIG. SDL activities to include software supply chain at AIG (inclusive of 3rd party vendor software libraries as well as open source libraries).
- Develop capabilities to periodically perform advanced threat simulation (red team – blue team) exercises. The purpose of these exercises is to mimic real world threat actors and test the effectiveness of the information security capabilities within AIG.
- Oversee the analysis of business requirements and the subsequent interpretation into security requirements internally and externally.
- Establish credibility as a trusted advisor to stakeholders including customers, executives, peers, and employees.
- Provide guidance and direction on security topics to AIG businesses.
- Interacts with IT Sr. leaders, Business Sr. Leaders and vendors to evaluate security of solutions and offerings and communicates risks associated with them.
- Responsible for testing the effectiveness of all security globally across all data centers and office locations.
- Provides R&D services to all of IT security as well as business lines that have cybersecurity as a part of their line of business (e.g., consumer-specific innovation projects)
- Ensures effectiveness of all security solutions including those that reside in non IT managed locations
Build a high performance team
- Develops and mentors staff and managers to achieve career goals and maintain leadership succession planning.
- Leads cross-functional teams to define objectives, strategies and domain performance metrics.
- Evaluates and utilizes outside consultants to support AIG’s security capabilities.
SHORT- AND LONG-TERM ACCOUNTABILITIES
· Strategic/Systems Thinking: Designs and refines organizational strategy (5+ years) tied to vision and based on Business Unit alignment, market differences, financial services and insurance industry.
· Customer Orientation: Sponsors key initiatives at the organizational level to enhance Information Security by delivering messages, pushing for change, providing resources, and generating excitement.
· Decisiveness: Uses understanding of key business goals and strategies to make decisions that address key business threats and opportunities.
· Communication: Consistently and persistently ensures that vision of AIG and Information Security is clearly communicated to key leaders and that they are able to help others translate the vision into action.
· Influence: Achieves long-term strategies by marshaling resources and successfully selling ideas to key leaders in IT, Business Units, Legal, HR, financial services industry, and community.
· Change Leadership: Takes proactive role by: (1) articulating a compelling vision of change; (2) anticipating and overcoming potential obstacles; and (3) bringing out conflicts among the leadership group for discussion and resolution.
· Partnership: Strategically partners with other AIG leaders. Sustains organizational partnerships during periods of change and adversity.
· Team Focus: Models collaboration in building plans and strategies to enhance organizational clarity. Adapts management style to enable optimal team performance.
· Results Orientation: Invests significant resources towards opportunities for radical improvement—setting standards for growth, quality, and service that assure AIG’s place as the market leader.
· Confidence/Initiative: Acts on a 5+ year planning horizon and is willing to take action in the face of significant cost and/or uncertainty. Confronts AIG leaders honestly and directly when in disagreement.
· Reward/Recognition: Establishes and maintains a culture that values accomplishment and effort.
· Cultural Competence: Develops and supports long-range diversity initiatives that improve market penetration, enhance leadership makeup, and create a culture that values diversity.
· Develops Others: Promotes the visibility of current and future leaders and supports them in their development to ensure AIG’s future leadership requirements are met.
· Personal Development: Keeps abreast of external environment and applies knowledge. Aligns personal development strategies with AIG performance improvement needs. Embraces executive feedback/coaching opportunities.