Description:
American International Group, Inc. (AIG) is a leading global insurance organization. Building on 100 years of experience, today AIG member companies provide a wide range of property casualty insurance, life insurance, retirement solutions, and other financial services to customers in more than 80 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets, manage risks and provide for retirement security.
Get to know the business
At AIG, technology is at the heart of everything we do, from underwriting risks to processing claims. The Information Technology team equips our colleagues with the latest tools to complete their work efficiently and with the highest standards of excellence. The team is responsible for shielding the company’s systems from security risks, while designing technology strategies that enable AIG’s businesses to achieve their goals. AIG’s Information Technology functions include enterprise architecture, software and systems engineering, cybersecurity, and technology risk and compliance.
About the role
What you need to know:
The Technology Risk & Controls, EMEA Head of Issues Management is an integral part of the Technology Risk and Controls (TRC) team. This position will be responsible for managing risk across UK, EMEA & LAC, and serving as a critical subject matter expert within the team. Key responsibilities will include but are not limited to managing the risk acceptance and remediation process, reporting on aggregated risk issues, and monitoring gaps through completion. This person will also be responsible managing issues across UK, EMEA & LAC.
- The ITRC EMEA Head of Issues Management is responsible for many critical initiatives, including the following:
- Manage the IT Risk Acceptance and Remediation process
- Work with senior IT, Risk, Security and Legal leadership across the UK, EMEA and LAC to understand and document risk or issues, pushing back on requests as needed
- Work with IT to consider alternate solutions to encourage remediation plans over risk acceptance, and remediation plans with a short timeframe where risk is higher
- Risk rate these issues based on detailed data
- Manage the request for risk acceptance or remediation through the entire approval process
- Provide reporting on issues across UK, EMEA & LAC:
- Monitor remediations through completion, escalating any that may not be completed in a timely manner
- Provide regular reporting and status on risk acceptance / remediation request
- Provide monthly reporting to regional risk and governance forums and present on risk issues, trends, risk aggregation, etc.
- Lead RA Maintenance Reviews:
- On a monthly basis, lead meetings with Infrastructure Services, Production Support, ISO, TRO and CPL to review vulnerabilities related to apps running obsolete technology
- Based on the discussion, determine next steps
- Monitor existing plans monthly to confirm they remain on track, and escalate when dates slip
- Manage the Third Party Risk Process for IT-related issues:
- Assess and rate IT issues associated with third parties
- Facilitate the risk acceptance through the approval process
- Monitor the remediation as needed
- Advise on Regulatory assessments:
- Advise on assessments of new and existing IT, Privacy and Cyber Security regulations in UK, EMEA & LAC, providing regulatory expertise
- Review regulatory assessments, and provide feedback
- Review action plans as appropriate
What we’re looking for:
- Proven, demonstrable experience within technology risk, control, and governance disciplines within a similar organisation
- Strong Problem-solving and risk mitigation skills
- Understanding of IT Risk principles and best practices
- Ability to oversee multiple processes, action plans and key stakeholders simultaneously
- Experience raising awareness of issues to key stakeholders across technology
- Core Skills
- Demonstrate effective leadership skills
- Clear, concise written and oral communication skills, coupled with the ability to drive agreement using information and interpersonal acumen
- Proven track record of drawing conclusions, making decisions, and using data to solve problems
- Ability to define solutions from ambiguous scenarios
- Maintain excellent interpersonal and oral/written communication skills
- Active listener
- Ability to drive change through influence
- Excellent negotiation, collaboration, facilitation, and coordination
- Negotiate prioritization and treatment of risk issues that span:
- Audit obligations