• Technology Risk & Controls Manager

    AIG (Salida, CO)


    JOB SUMMARY

    The Technology Risk & Controls Manager is an integral part of the Technology Risk and Controls (TRC) team. The Japan TRC team is responsible for risk management that includes internal and external audits and regulatory examinations, IT Regulatory assessments, IT internal controls, governance for IT security, system development, computer operation and management reporting.

     

    Key responsibilities will include, but are not limited to: managing IT regulatory compliance; overseeing Internal Audit reviews, issues and action plans; enhancing and reporting on Key Risk Indicators; and policy adoption and implementation. This position will work closely with other TRC members as well as management across IT, Risk, and Internal Audit.

    JOB DESCRIPTION

    The Technology Risk & Controls Manager will be responsible for numerous critical initiatives, including the following:

    + Manage Risk Associated with the Transformation Program

    + Monitor progress of Japan’s Transformation Program, identifying risks early and working with the Japan CIO to address them

    + Communicate delays for transparency

    + Work with the CIO to confirm appropriate governance is in place for IT spending, IT changes, etc.

    + Manage IT Regulatory Compliance:

    + When a new or updated regulation is identified, conduct a regulatory assessment to assess compliance with the regulation and identify gaps

    + Draft action plans to address the gaps and work with key stakeholders to establish ownership of the gaps

    + Obtain approval of the plans by senior leadership and the owners of the action plans

    + Monitor action plans, understanding where there are significant issues, and what can be done to address these issues, escalating as appropriate

    + Collaborate with Risk to understand emerging risks stemming from these regulations

    + Manage technology regulatory inquiries and requests for information for technology and cyber (coordination, data collection, status reporting)

    + Oversee IT’s Internal Audit issues:

    + Partner with Internal Audit and IT functions to identify and understand all issues

    + Support and drive the drafting of the Action Plans, confirming that they address the root cause of the issues

    + Monitor Action Plans, understanding where there are significant issues, and what can be done to address these issues, escalating as appropriate

    + Key Risk Indicators:

    + Extract key data points monthly

    + Use these data to create and track Key Risk Indicators each month

    + Report on these KRIs at the IT Risk Committee meeting

    + When issues arise, work with IT teams to investigate to identify the root cause and resolve them

    + Adopt and Implement IT’s policies and standards

    + Provide feedback to policy and standard owners to review and refresh the existing policy suite

    + Identify gaps and drive strategic change/improvement

    + Once the policies and standards are updated and published, provide training in Japan

    + Implement the policies and standards in Japan

    JOB REQUIREMENTS

    Experience

    + 10+ years of experience within technology risk, control, and governance, IT Internal Audit or SOX disciplines in financial industry

    + Candidate must be Bilingual (Japanese and English)

    + Bachelor’s degree required

    + Strong expertise in SOX framework nice to have

    + Experience analyzing risk throughout the development life cycle of business applications.

    + Demonstrated knowledge of internal and external controls required in a regulated insurance company environment including Japanese Personal Information Protection Act.

    + Ability to oversee multiple processes, action plans and key stakeholders simultaneously

    + Experience raising awareness of issues to key stakeholders across technology

     

    Core Skills

     

    + Demonstrate robust analytical skills

    + Proven track record of drawing conclusions, making decisions, and using data to solve problems

    + Ability to define solutions from ambiguous scenarios

    + Maintain excellent interpersonal and oral/written communication skills

    + Active listener

    + Ability to drive change through influence

    + Excellent negotiation, collaboration, facilitation, and coordination

    + Negotiate prioritization and treatment of risk issues based on level of risk

    JOB SUMMARY

    クノロジーリスク&コントロールマネージャーは、テクノロジーリスク&コントロール(TRC)チームの重要なメンバーです。日本のTRCチームは、内部および外部監査、規制当局による審査、IT規制評価、IT内部統制、ITセキュリティのガバナンス、システム開発、システム運用、管理報告などを含むリスク管理を担当しています。

    な職務内容は、IT規制遵守のためのガバナンス管理、内部監査レビュー・課題・アクションプランのモニタリング、主要リスク指標(KRI)の強化と報告、会社のITポリシーの適用と実施など多岐にわたります。本ポジションは、他のTRCメンバーやIT、リスク、内部監査部門のマネジメントと密接に連携して業務を遂行します。

    JOB DESCRIPTION

    クノロジーリスク&コントロールマネージャーは、以下を含む多数の重要なイニシアチブを担当します。

    + トランスフォーメーションプログラムに関連するリスク管理

    + 日本のトランスフォーメーションプログラムの進捗を監視し、リスクを早期に特定し、日本CIOと連携して対応

    + 透明性確保のため遅延を報告

    + CIOと協力し、IT支出やIT変更等に関する適切なガバナンス体制の確認

    + IT規制遵守の管理

    + 新規または更新された規制が特定された際、規制評価を実施し、遵守状況とギャップを特定

    + ギャップ解消のためのアクションプランを策定し、主要関係者と協力してオーナーシップを特定

    + シニアリーダーシップおよびアクションプランオーナの承認を取得

    + アクションプランの進捗を監視し、重大な課題や対応策を把握し、必要に応じてエスカレーション

    + リスク部門と連携し、規制に起因する新たなリスクを把握

    + テクノロジーおよびサイバー関連の規制当局からの照会・情報要求への対応(調整、データ収集、進捗報告)

    + IT監査における課題の管理

    + 内部監査およびIT部門と連携し、全ての課題を特定

    + アクションプランの策定を支援・推進し、根本原因への対応を確認

    + アクションプランの進捗を監視し、重大な課題や対応策を把握し、必要に応じてエスカレーションを実施

    + 主要リスク指標(KRI)の管理

    + 毎月、ITリスクに関する主要なデータをトラッキング・抽出し、KRIレポートを作成

    + ITリスク委員会等でKRIを報告

    + 課題発生時はITチームと連携し、根本原因の調査・解決

    + ITポリシーおよびスタンダードの適用・実施

    + ITポリシー・スタンダードのオーナーにフィードバックを提供し、既存ポリシーの見直し・刷新を推進

    + ギャップを特定し、戦略的な改善を推進

    + ITポリシー・スタンダードの更新・公開後、必要に応じてトレーニングを実施

    + 日本国内でのポリシー・スタンダードの適用を実施

    JOB REQUIREMENTS

    + 金融業界におけるテクノロジーリスク、コントロール、ガバナンス、IT監査またはSOX分野で10年以上の経験

    + 日本語・英語必須

    + 学士号

    + SOXフレームワークの高度な知識があれば尚可

    + 業務アプリケーションの開発ライフサイクル全体にわたるリスク分析経験

    + 保険会社で求められる内部・外部統制(日本の個人情報保護法を含む)に関する知識

    + 複数のプロセス、アクションプラン、主要関係者を同時に管理する能力

    + テクノロジー部門全体の主要関係者に課題認識を促す経験

    アスキル

    + 高度な分析力

    + 結論を導き意思決定を行い、データを活用して課題を解決した実績

    + 不明確な状況から解決策を定義する能力

    + 優れた対人・口頭/書面コミュニケーション能力

    + 傾聴力

    + 影響力を活用したトランスフォーメーション等の推進力

    + 優れた交渉力、協働力、ファシリテーション力、調整力

    + リスクレベルに応じた課題の優先順位付け・対応方法の交渉

     

    At AIG, we value in-person collaboration as a vital part of our culture, which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive, connected environment for our team and clients alike.

     

    Enjoy benefits that take care of what matters

     

    At AIG, our people are our greatest asset. We know how important it is to protect and invest in what’s most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development—to bring peace of mind to you and your family.

     

    Reimagining insurance to make a bigger difference to the world

     

    American International Group, Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the world’s most far-reaching property casualty networks. It is an exciting time to join us — across our operations, we are thinking in new and innovative ways to deliver ever-better solutions to our customers. At AIG, you can go further to support individuals, businesses, and communities, helping them to manage risk, respond to times of uncertainty and discover new potential. We invest in our largest asset, our people, through continuous learning and development, in a culture that celebrates everyone for who they are and what they want to become.

     

    Welcome to a culture of inclusion

     

    We’re committed to creating a culture that truly respects and celebrates each other’s talents, backgrounds, cultures, opinions and goals. We foster a culture of inclusion and belonging through learning, cultural awareness activities and Employee Resource Groups (ERGs). With global chapters, ERGs are a cornerstone for our culture of inclusion. The talent of our people is one of AIG’s greatest assets, and we are honored that our drive for positive change has been recognized by numerous recent awards and accreditations.

     

    AIG provides equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

     

    AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities. If you believe you need a reasonable accommodation, please send an email to [email protected] .

    Functional Area:

    IT - Information Technology

     

    AIG Business Partners KK