Job Description

English follows Japanese:

職務目的 Job Purpose

Japan Business Service DeliveryBSDリードはアプリケーションのセキュリティ態勢の向上およびビジネスITチームにおけるサイバーセキュリティ関連の優先事項を推進する役割を担います

各種業界標準関連法規社内ITポリシーおよび基準への準拠を確保しながらInformation Security OfficeISOグローバルインフラストラクチャテクノロジーリスク各ビジネスユニットGIEnterprise Systemsと連携しサイバーセキュリティ態勢の維持強化に向けた統制および計画策定を支援します

主な職務内容 Job Responsibilities

本ポジションはセキュリティレビューの実施調整ならびにAIG Japan 全体のセキュリティガバナンスプロセスの統合および改善に関わる各種業務を担当します

• 会社の情報セキュリティ戦略に基づき地域ビジネスユニット全体におけるサイバーセキュリティ態勢の実装維持強化を主導する
• グローバルISOチームと連携し透明性やコミュニケーションなどグローバルの要件を満たしたサイバーセキュリティサービスを提供
• 重要なビジネスプロセスやシステム各事業部特有のセキュリティニーズを把握し全体のサイバーセキュリティ戦略に反映
• システムアプリケーションの改善パッチ適用設定管理EOL対応アップグレード等監視ログ管理IAM関連のサイバーセキュリティプロジェクトの日常的な管理調整
• ISOポリシーおよび基準への準拠状況を追跡報告しISOおよびBSOリーダーシップと協働
• 各ビジネスユニットIT部門の信頼できるアドバイザーとしてサイバーリスク評価および改善方針策定を支援
• アプリケーションポートフォリオが基準再認定サイクルに従うようSoftware Security AssessmentSSAチームやセキュリティアーキテクトと連携
• リスク評価に基づくサイバーセキュリティ要件の技術的翻訳および助言を担当
• 地域ビジネスユニットやISOチームと連携しセキュリティ標準が遵守され改善施策が高品質で実施されるよう推進
• 他のISOリーダーと協働し戦略的戦術的施策を遂行し横断的な透明性コミュニケーションを強化
• 様々なデータソースから分析を行い重要なセキュリティリスクや改善提言を効果的にレポーティング
• グローバルサイバーディフェンスセンターGCDCからの脅威情報を確認し各ユニットの改善進捗を追跡
• 主要リスク指標をモニタリング評価し必要に応じて是正措置を提案推進
• テクノロジーリスクコントロールTRCと連携し規制要件が遵守されているか確認
• セキュリティインシデントに対し適切かつ迅速な対応を行い事業資産顧客ブランドへの影響を最小化
• プレゼン資料予算案要件定義一般的なプロジェクト仕様書などの作成
• 地域のサイバーセキュリティプロジェクト会議をリードし全体進捗を管理

主な関係者 Key Relationships

Internal Interactions 社内
(Within the Organization)

• Japan ISOCyber DefenseVulnerability ManagementGovernance Resiliency & EngagementGREThird Party Risk ManagementSecurity ArchitectureSecurity EngineeringIAM
• Global ISOBusiness Service DeliveryGCDCSSASRT
• Japan Technology Risk & Control
• Japan Business Unit IT
• Japanアプリケーション開発運用チーム
• Japan/Globalインフラサポートチーム

External Interactions 社外
(Outside the Organization)

• エージェンシー代理店Agency Representatives
• 外部ベンダー各社

求めるスキル経験 Required Skills and Experiences

学歴 Educational Qualification

• コンピューターサイエンス関連の学士号または同等の実務経験

語学要件 Specific Qualifications

• 日本語ネイティブレベル
• 英語中級レベルメール対応英文資料の読解グローバルとのミーティングにおける会話

経験 Total Experience

• 情報セキュリティリスク管理アプリケーション開発インフラ管理のいずれかにおける 10 年以上の経験グローバル金融業界であれば尚可
• 情報セキュリティリスク管理領域の 5 年以上の経験必須
• セキュリティチームのリード経験複雑な環境での実績
• CrowdStrikeQualysVeracodeTaniumImperva 等のツール使用経験
• 以下資格あれば尚可CISSPCISMCISACRISCCGEIT
• 開発アーキテクチャに関する知識特にセキュリティ観点
• アプリケーションのサイバーリスクを多層で評価できるスキル
• セキュリティリスクとビジネスインパクトを明確に説明できる能力
• リスク管理原則セキュリティメトリクスの運用経験
• 周囲を巻き込み推進するリーダーシップ
• 個人貢献者としても働ける高い影響力
• プロジェクト管理問題解決分析能力PMP歓迎
• 高いコミュニケーション能力資料作成含む
• 複数タイムゾーンでの業務経験
• 自律的に業務を遂行できる方
• 金融保険業界経験者歓迎
• グローバル環境下での業務経験海外規制への理解歓迎
• 高い組織力時間管理能力
• サイバーセキュリティ分野のスキル向上への強い意欲

Job Purpose

The Japan Business Service Delivery Lead will be responsible for driving the improvement of the application security posture and supporting cybersecurity priorities across the business information technology teams by ensuring compliance to relevant industry standards regulations and internal IT policies and standards. This role will engage with various control towers across Information Security Office (ISO) Global Infrastructure Technology Risk and the Business Units (BUs General Insurance and Enterprise Systems) to help govern and develop plans to maintain a strong cybersecurity posture.

Job Responsibilities

Key responsibilities of this position would involve capability of performing and organizing security reviews as well as performing tasks focused on integration & enhancement of security governance processes throughout AIG Japan.

• Lead delivery of the Companys information security strategy across the regional business units by driving the implementation maintenance and enhancement of AIG cybersecurity posture.
• Collaborate with global Information Security Office leaders and colleagues to ensure applicable business requirements related to global cyber security service delivery are met such as transparency and communication.
• Identify and understand key business processes systems and specific security needs critical to regional business units and ensure they are incorporated into the overall cybersecurity strategy.
• Provide day to day oversight and coordination across the regional business units for cybersecurity projects specifically system and application remediation (patching settings EOL/upgrades) monitoring and logging identity and access management.
• Track and report compliance with ISO policies and standards in coordination with the ISO and BSO leadership team.
• Act as a trusted advisor to the regional business unit CIO organization for cybersecurity risk assessment and articulation while also assisting the development of remediation strategies.
• Partner across multiple regional business units and infrastructure services on security initiatives and services.
• Work with the Software Security Assessment (SSA) team and Security Architects to ensure application portfolios adhere to standards and recertification cadence.
• Serve as a subject matter expert / technical lead in translating c ybersecurity requirements based on risk assessment
• Partner with the regional business units and ISO teams to ensure security standards are followed enforced and solutions delivered to improve security are implemented at a high quality.
• Collaborate with other ISO leads to deliver tactical and strategic work and provide transparency and communications horizontally to all regional business unit Project Managers.
• Use analytics to extract key insights from various data stores and deliver reporting to effectively communicate critical security risks and actionable recommendations.
• Review threat intelligence feeds from company Global Cyber Defense Center and track remediation progress across regional business units.
• Monitor evaluate and report key risk performance metrics recommending corrective action programs as appropriate and drive remediation activities to completion.
• Work with Technology Risk and Controls (TRC) to ensure that regulatory security requirements are being met by the regional business units.
• Ensure security issues are addressed with timely appropriate responses to minimize the impact to the businesses or its assets customers or reputation.
• Prepare formal presentations budgets business requirements and general project specifications.
• Provide regional cybersecurity project oversight and coordination by leading cybersecurity project meetings communicating project status assessing project risk/issues developing mitigation and remediation plans with both project staff and senior leadership ensuring appropriate delivery while balancing business impact.
• Work with regional teams to embrace scope and budgetary requirements.
• Lead a team of high performing professionals of diverse perspectives.

Key Relationships

Internal Interactions
(Within the Organization)

• Japan ISO - Cyber Defense Vulnerability Management Governance Resiliency and Engagement (GRE) Third Party Relationship Management Security Architecture Security Engineering Identity and Access Management
• Global ISO Business Service Delivery Global Cyber Defense Center (GCDC) Software Security Assessment Team (SSA) Security Remediation Team (SRT)
• Japan Technology Risk and Control
• Japan Business Unit IT Representatives
• Japan Application Development and Support Teams
• Japan/Global Technology Infrastructure Support Teams

External Interactions
(Outside the Organization)

• Agency Representatives
• External Vendors

Required Skills and Experiences

Educational Qualification

• Bachelors degree in Computer Science or equivalent work experience

Specific Qualifications

• Language proficiency in Japanese at Native level. Intermediate level English (email communication and reading English materials conversations at meetings with Global counterparts)

Total Experience

• 10 years of total experience in Information Security and Risk Management and/or related technology functions in application development infrastructure management of business applications required preferably in a global financial services firm.
• 5 years Information Security and Risk Management experience required.
• Prior experience leading security teams and a proven track record of success in complex environments.
• Experience with cybersecurity controls and tools like CrowdStrike Qualys Veracode Tanium and Imperva.
• Security Certifications a plus: CISSP CISM CISA CRISC CGEIT.
• Knowledge of development and architecture frameworks with strong focus on cybersecurity.
• Strong understanding of application development architecture and techniques and ability to assess application cyber-risk across all layers of the business application.
• Ability to communicate security risks and business impact clearly to all levels of the organization.
• Knowledge and experience implementing risk management principles and security metrics.
• Ability to positively influence the behavior of peers and build relationships with other teams.
• Ability to work as an individual contributor but with significant influencing skills.
• Excellent Project Management problem solving and analytical skills; PMP certification a plus.
• Strong communication and presentation skills both verbal and written; MS PowerPoint a plus.
• Ability to work in a fast-paced environment and across multiple time zones.
• Detail oriented self-starter who can work independently with minimal supervision.
• Experience in financial or insurance industry preferred.
• Experience operating in a global environment including familiarity with local laws and regulations in foreign countries.
• Strong organizational and time management skills
• Commitment to advancing skills in the cybersecurity field.

At AIG we value in-person collaboration as a vital part of our culture which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive connected environment for our team and clients alike.

Enjoy benefits that take care of what matters

At AIG our people are our greatest asset. We know how important it is to protect and invest in whats most important to you. That is why we created our Total Rewards Program a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health wellbeing and financial securityas well as your professional developmentto bring peace of mind to you and your family.

Reimagining insurance to make a bigger difference to the world

American International Group Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the worlds most far-reaching property casualty networks. It is an exciting time to join us across our operations we are thinking in new and innovative ways to deliver ever-better solutions to our customers. At AIG you can go further to support individuals businesses and communities helping them to manage risk respond to times of uncertainty and discover new potential. We invest in our largest asset our people through continuous learning and development in a culture that celebrates everyone for who they are and what they want to become.

Welcome to a culture of inclusion

Were committed to creating a culture that truly respects and celebrates each others talents backgrounds cultures opinions and goals. We foster a culture of inclusion and belonging through learning cultural awareness activities and Employee Resource Groups (ERGs). With global chapters ERGs are a cornerstone for our culture of inclusion. The talent of our people is one of AIGs greatest assets and we are honored that our drive for positive change has been recognized by numerous recent awards and accreditations.

AIG provides equal opportunity to all qualified individuals regardless of race color religion age gender gender expression national origin veteran status disability or any other legally protected categories.

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities. If you believe you need a reasonable accommodation please send an email to .

Functional Area:

Required Experience:

Manager

Job Tags

Similar Jobs