Head of Information Security

서울시
정규직
풀타임

2개월 전

Head of Information Security, IT, South KoreaAt AIG, we are reimagining the way we help customers to manage risk. Join us as a Head of IS to play your part in that transformation. It’s an opportunity to grow your skills and experience as a valued member of the team.Make your mark in ITAt AIG, technology is at the heart of everything we do, from underwriting risks to processing claims. The Information Technology team equips our colleagues with the latest tools to complete their work efficiently and with the highest standards of excellence. The team is responsible for shielding the company’s systems from security risks, while designing technology strategies that enable AIG’s businesses to achieve their goals. AIG’s Information Technology functions include enterprise architecture, software and systems engineering, cybersecurity, and technology risk and compliance.How you will create an impactThe Head of IS will support the Business and region by understanding key business processes and critical systems, they will identify specific security needs and drive completion of projects and adoption of security procedures, policies and standards.This role ensures the organization’s security posture is robust and compliant with internal policies, regulatory obligations, and industry best practices.The IS will act as the key advisor to senior leadership on security risks and strategies, leading enterprise-wide initiatives to safeguard critical information assets, systems, and operations while promoting a culture of security awareness across all business unitsKEY RESPONSIBILITES, INCLUDE BUT ARE NOT LIMITED TO:

Responsible for providing security leadership, advice and counsel to executive management teams on security policy and practices; identifies exposures and threats and drives corrective plans based on risk
Implement the Company’s information security strategy across the business environments
Ensure the enterprise information security architecture and roadmaps are implemented and meet both business and information security objectives
Identify and understand key business processes, systems and specific security needs critical to Business Unit, and ensure they are incorporated into the overall cybersecurity strategy
Help develop business cases, secure leadership sponsorship, and drive adoption and implementation of security projects and programs
Support the business in its compliance with Korea Financial Security Regulations (e.g., ISMS, Financial Supervisory Service (FSS) and Financial Security Institute (FSI) guidelines, Electronic Financial Transactions Act, Personal Information Protection Act)

or any other relevant regulatory guidelines/standards issued by the local regulator. * Help formulate and facilitate the effective implementation of relevant technology risk/information security standards required by the respective regulators (Eg RMiT Technology Risk Management Framework, and Cyber Resilience Framework) for the local entity

Ensure security projects and activities are prioritized based on risk to the business unit; work with leadership team to develop risk management program to ensure the confidentiality, integrity, and availability of information owned, controlled or processed by the Company
Responsible for ensuring security incident response, vulnerability management, cyber threat intelligence and associated mitigation processes are working well across global teams
Support anticipating, identifying, and deterring cyber-based attacks against AIG and its business operations, employees, and subsidiaries
Provide support to central team developing threat response and risk mitigation plans, including input into scenarios that involve invoking countermeasures and containment strategies
Ensure security issues are addressed with timely, appropriate responses to minimize the impact to the Company, or its assets, customers or reputation
Monitor and evaluates risk performance metrics on key security issues and programs, recommends corrective action programs as appropriate, and drives remediation items to completion
Actively contribute in the matters being discussed at the management committees (e.g. risk committee meetings, Board of Directors meeting) where information security is an invitee or a member, and where relevant, provide inputs of the matters under the information security purview.
Remain current on constantly emerging Cybersecurity and geopolitical threats to ensure continual protection of the Company’s assets, information and reputation, ensuring the risk balance between risk posture and business agility

What you’ll need to succeedREQUIRED SKILLS /EXPERIENCE/QUALIFICATIONS:

10+ years of experience in information security, with at least 3 years in a ISO leadership role.
Demonstrated experience building and running an enterprise information security program.
Strong understanding of regulatory requirements (e.g., FSS, FSI, ISMS, GDPR, PCI-DSS, PIPA).
In-depth knowledge of cyber risk management frameworks (e.g., ISO 27001, RMF).
Experience handling executive-level reporting and regulatory liaison.
Excellent stakeholder engagement, communication, and leadership skills.
Familiarity with enterprise architecture, cloud security, and data governance.
Strong analytical and decision-making skills, especially in crisis situations.
Certifications such as CISSP, CISM, CRISC, or CISA are strongly preferred.
Experience in the financial services or insurance sector is highly desirable

Management experience:

Management of highly technical and experienced engineers
Experience of managing IT services in line with ITIL good practice
Appraisals, performance management, recruitment
Third party and service provider management
Commercial experience with tier 1 vendors, RFPs, contract negotiation and selection
Professionalism and ethical behavior

Other relevant skills:

Technology roadmap creation and execution
Cost-benefit analysis and vendor negotiations
Coordinating with regulatory audits and responding to ITGC/internal controls
ITIL-based service operations and policy creation
Technical documentation and RFP/proposal review
Configuration, capacity and availability management
Incident, problem, and change management
Understanding of the insurance sector and regulatory dependencies (desirable)
Critiquing of complex technical designs and proposals
Management of highly technical teams and ISO engineers
Recruitment, performance management, and succession planning
Strategic stakeholder communication and cross-department collaboration
Certifications are desirable – Microsoft, VMware, NetApp, Cisco, Juniper, Citrix
Experience in the insurance market and related concepts is desirable

#LI-SK1At AIG, we value in-person collaboration as a vital part of our culture, which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive, connected environment for our team and clients alike.Enjoy benefits that take care of what mattersAt AIG, our people are our greatest asset. We know how important it is to protect and invest in what’s most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development—to bring peace of mind to you and your family.Reimagining insurance to make a bigger difference to the worldAmerican International Group, Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the world’s most far-reaching property casualty networks. It is an exciting time to join us — across our operations, we are thinking in new and innovative ways to deliver ever-better solutions to our customers. At AIG, you can go further to support individuals, businesses, and communities, helping them to manage risk, respond to times of uncertainty and discover new potential. We invest in our largest asset, our people, through continuous learning and development, in a culture that celebrates everyone for who they are and what they want to become.Welcome to a culture of inclusionWe’re committed to creating a culture that truly respects and celebrates each other’s talents, backgrounds, cultures, opinions and goals. We foster a culture of inclusion and belonging through learning, cultural awareness activities and Employee Resource Groups (ERGs). With global chapters, ERGs are a cornerstone for our culture of inclusion. The talent of our people is one of AIG’s greatest assets, and we are honored that our drive for positive change has been recognized by numerous recent awards and accreditations.AIG provides equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities. If you believe you need a reasonable accommodation, please send an email to .Functional Area: IT - Information TechnologyAIG Korea Inc. (South Korea)

AIG손해보험

지원하기