The Technology Risk Officer role is a key risk role reporting to the Head of Risk Controls within ERM, The role is responsible for identification, assessment, quantification and monitoring of technology related risks to AIG assets and through our insurance businesses, including, but not limited to cyber security. As financial and insurance service delivery grows increasingly dependent on technology and increasing levels of regulatory requirements demand additional risk management rigor, AIG must implement highly resilient, reliable and effective solutions that meet and in some cases exceed performance standards found in other information rich industries. This executive will lead a risk-based management effort to fully integrate information and technology risk processes into the way AIG operates. He/she will need to ensure that technology risks and their impact on business operations are understood and addressed consistently across AIG, and that technology risks of new and existing technology facilities, as well as third party facilities, are assessed, monitored and remediated as necessary.
- Serve as the executive accountable for Technology Risk Management with the necessary subject matter expertise to propose, monitor and challenge the company’s technology risk tolerance and oversee compliance, in the midst of a rapidly changing business and IT environment.
- Provide independent oversight and challenge to the implementation of AIG’s cyber security program and other technology risk related frameworks.
- Develop a technology risk strategy for AIG positioned to appropriately support and challenge the AIG business strategy
- Collaborate across ERM to incorporate technology risk in the Risk Appetite framework through defining risk tolerances for technology risks including cyber security, disaster recovery and business continuity.
- Monitor the technology risk and control environment to ensure AIG is within tolerance level and escalate as appropriate using the company’s risk governance structure.
- Assess enterprise-wide technology risk management maturity, include emerging technology in risk identification and evaluation, design tools and reporting to identify and monitor technology risk across the firm.
- Provide oversight to business units to ensure appropriate risk controls are designed and implemented for technology risk.
- Provide independent assessment on existing and identify new or emerging risks.
- Stay abreast of industry related events and enhancements to mitigate potential risks.
- Assist Head of Information Security and Controls in prioritizing actions related to remediating identified vulnerabilities through independent challenge and monitoring.
- Interact with regulators to provide responses and documentation and shape policy.
- Collaborate and share thought leadership with AIG’s Cyber Risk underwriters as AIG continues to evolve its risk assessment with the changing threat landscape.
• Post ID: 94752591 manhattan