English follows Japanese:

職務目的 Job Purpose

Japan Business Service Delivery(BSD)リードは、アプリケーションのセキュリティ態勢の向上、およびビジネスITチームにおけるサイバーセキュリティ関連の優先事項を推進する役割を担います。

各種業界標準、関連法規、社内ITポリシーおよび基準への準拠を確保しながら、Information Security Office(ISO)、グローバルインフラストラクチャ、テクノロジーリスク、各ビジネスユニット(GI・Enterprise Systems)と連携し、サイバーセキュリティ態勢の維持・強化に向けた統制および計画策定を支援します。

主な職務内容 Job Responsibilities

本ポジションは、セキュリティレビューの実施・調整、ならびにAIG Japan 全体のセキュリティガバナンスプロセスの統合および改善に関わる各種業務を担当します。

• 会社の情報セキュリティ戦略に基づき、地域ビジネスユニット全体におけるサイバーセキュリティ態勢の実装、維持、強化を主導する
• グローバルISOチームと連携し、透明性やコミュニケーションなど、グローバルの要件を満たしたサイバーセキュリティサービスを提供
• 重要なビジネスプロセスやシステム、各事業部特有のセキュリティニーズを把握し、全体のサイバーセキュリティ戦略に反映
• システム/アプリケーションの改善(パッチ適用、設定管理、EOL対応/アップグレード等)、監視・ログ管理、IAM関連のサイバーセキュリティプロジェクトの日常的な管理・調整
• ISOポリシーおよび基準への準拠状況を追跡・報告し、ISOおよびBSOリーダーシップと協働
• 各ビジネスユニットIT部門の信頼できるアドバイザーとして、サイバーリスク評価および改善方針策定を支援
• アプリケーションポートフォリオが基準・再認定サイクルに従うよう、Software Security Assessment(SSA)チームやセキュリティアーキテクトと連携
• リスク評価に基づくサイバーセキュリティ要件の技術的翻訳および助言を担当
• 地域ビジネスユニットやISOチームと連携し、セキュリティ標準が遵守され、改善施策が高品質で実施されるよう推進
• 他のISOリーダーと協働し、戦略的・戦術的施策を遂行し、横断的な透明性・コミュニケーションを強化
• 様々なデータソースから分析を行い、重要なセキュリティリスクや改善提言を効果的にレポーティング
• グローバルサイバーディフェンスセンター(GCDC)からの脅威情報を確認し、各ユニットの改善進捗を追跡
• 主要リスク指標をモニタリング/評価し、必要に応じて是正措置を提案・推進
• テクノロジーリスク&コントロール(TRC)と連携し、規制要件が遵守されているか確認
• セキュリティインシデントに対し、適切かつ迅速な対応を行い、事業・資産・顧客・ブランドへの影響を最小化
• プレゼン資料、予算案、要件定義、一般的なプロジェクト仕様書などの作成
• 地域のサイバーセキュリティプロジェクト会議をリードし、全体進捗を管理

主な関係者 Key Relationships

Internal Interactions 社内
(Within the Organization)

• Japan ISO:Cyber Defense、Vulnerability Management、Governance Resiliency & Engagement(GRE)、Third Party Risk Management、Security Architecture、Security Engineering、IAM
• Global ISO:Business Service Delivery、GCDC、SSA、SRT
• Japan Technology Risk & Control
• Japan Business Unit IT
• Japanアプリケーション開発・運用チーム
• Japan/Globalインフラサポートチーム

External Interactions 社外
(Outside the Organization)

• エージェンシー代理店(Agency Representatives)
• 外部ベンダー各社

求めるスキル・経験Required Skills and Experiences

学歴Educational Qualification

• コンピューターサイエンス関連の学士号、または同等の実務経験

語学要件Specific Qualifications

• 日本語:ネイティブレベル
• 英語:中級レベル(メール対応、英文資料の読解、グローバルとのミーティングにおける会話)

経験 Total Experience

• 情報セキュリティ、リスク管理、アプリケーション開発、インフラ管理のいずれかにおける10年以上の経験(グローバル金融業界であれば尚可)
• 情報セキュリティ/リスク管理領域の5年以上の経験必須
• セキュリティチームのリード経験、複雑な環境での実績
• CrowdStrike、Qualys、Veracode、Tanium、Imperva 等のツール使用経験
• 以下資格あれば尚可:CISSP、CISM、CISA、CRISC、CGEIT
• 開発・アーキテクチャに関する知識(特にセキュリティ観点)
• アプリケーションのサイバーリスクを多層で評価できるスキル
• セキュリティリスクとビジネスインパクトを明確に説明できる能力
• リスク管理原則・セキュリティメトリクスの運用経験
• 周囲を巻き込み推進するリーダーシップ
• 個人貢献者としても働ける高い影響力
• プロジェクト管理、問題解決、分析能力(PMP歓迎)
• 高いコミュニケーション能力(資料作成含む)
• 複数タイムゾーンでの業務経験
• 自律的に業務を遂行できる方
• 金融/保険業界経験者歓迎
• グローバル環境下での業務経験、海外規制への理解歓迎
• 高い組織力・時間管理能力
• サイバーセキュリティ分野のスキル向上への強い意欲

Job Purpose

The Japan Business Service Delivery Lead will be responsible for driving the improvement of the application security posture and supporting cybersecurity priorities across the business information technology teams by ensuring compliance to relevant industry standards, regulations, and internal IT policies and standards. This role will engage with various control towers across Information Security Office (ISO), Global Infrastructure, Technology Risk, and the Business Units (BUs – General Insurance and Enterprise Systems) to help govern and develop plans to maintain a strong cybersecurity posture.

Job Responsibilities

Key responsibilities of this position would involve capability of performing and organizing security reviews, as well as performing tasks focused on integration & enhancement of security governance processes throughout AIG Japan.

• Lead delivery of the Company's information security strategy across the regional business units by driving the implementation, maintenance, and enhancement of AIG cybersecurity posture.
• Collaborate with global Information Security Office leaders and colleagues to ensure applicable business requirements related to global cyber security service delivery are met, such as transparency and communication.
• Identify and understand key business processes, systems and specific security needs critical to regional business units, and ensure they are incorporated into the overall cybersecurity strategy.
• Provide day to day oversight and coordination across the regional business units for cybersecurity projects, specifically system and application remediation (patching, settings, EOL/upgrades), monitoring and logging, identity and access management.
• Track and report compliance with ISO policies and standards in coordination with the ISO and BSO leadership team.
• Act as a trusted advisor to the regional business unit CIO organization for cybersecurity risk assessment and articulation while also assisting the development of remediation strategies.
• Partner across multiple regional business units and infrastructure services on security initiatives and services.
• Work with the Software Security Assessment (SSA) team and Security Architects to ensure application portfolios adhere to standards and recertification cadence.
• Serve as a subject matter expert / technical lead in translating cybersecurity requirements based on risk assessment
• Partner with the regional business units and ISO teams to ensure security standards are followed, enforced and solutions delivered to improve security are implemented at a high quality.
• Collaborate with other ISO leads to deliver tactical and strategic work and provide transparency and communications horizontally to all regional business unit Project Managers.
• Use analytics to extract key insights from various data stores and deliver reporting to effectively communicate critical security risks and actionable recommendations.
• Review threat intelligence feeds from company Global Cyber Defense Center and track remediation progress across regional business units.
• Monitor, evaluate, and report key risk performance metrics recommending corrective action programs as appropriate, and drive remediation activities to completion.
• Work with Technology Risk and Controls (TRC) to ensure that regulatory security requirements are being met by the regional business units.
• Ensure security issues are addressed with timely, appropriate responses to minimize the impact to the businesses, or its assets, customers or reputation.
• Prepare formal presentations, budgets, business requirements, and general project specifications.
• Provide regional cybersecurity project oversight and coordination by leading cybersecurity project meetings, communicating project status, assessing project risk/issues, developing mitigation and remediation plans with both project staff and senior leadership ensuring appropriate delivery while balancing business impact.
• Work with regional teams to embrace scope and budgetary requirements.
• Lead a team of high performing professionals of diverse perspectives.

Key Relationships

Internal Interactions
(Within the Organization)

• Japan ISO - Cyber Defense, Vulnerability Management, Governance Resiliency and Engagement (GRE), Third Party Relationship Management, Security Architecture, Security Engineering, Identity and Access Management
• Global ISO – Business Service Delivery, Global Cyber Defense Center (GCDC), Software Security Assessment Team (SSA), Security Remediation Team (SRT)
• Japan Technology Risk and Control
• Japan Business Unit IT Representatives
• Japan Application Development and Support Teams
• Japan/Global Technology Infrastructure Support Teams

External Interactions
(Outside the Organization)

• Agency Representatives
• External Vendors

Required Skills and Experiences

Educational Qualification

• Bachelor's degree in Computer Science or equivalent work experience

Specific Qualifications

• Language proficiency in Japanese at Native level. Intermediate level English (email communication and reading English materials, conversations at meetings with Global counterparts)

Total Experience

• 10+ years of total experience in Information Security and Risk Management and/or related technology functions in application development, infrastructure management of business applications required, preferably in a global financial services firm.
• 5+ years Information Security and Risk Management experience required.
• Prior experience leading security teams and a proven track record of success in complex environments.
• Experience with cybersecurity controls and tools like CrowdStrike, Qualys, Veracode, Tanium, and Imperva.
• Security Certifications a plus: CISSP, CISM, CISA, CRISC, CGEIT.
• Knowledge of development and architecture frameworks with strong focus on cybersecurity.
• Strong understanding of application development architecture and techniques and ability to assess application cyber-risk across all layers of the business application.
• Ability to communicate security risks and business impact clearly to all levels of the organization.
• Knowledge and experience implementing risk management principles and security metrics.
• Ability to positively influence the behavior of peers and build relationships with other teams.
• Ability to work as an individual contributor, but with significant influencing skills.
• Excellent Project Management, problem solving, and analytical skills; PMP certification a plus.
• Strong communication and presentation skills, both verbal and written; MS PowerPoint a plus.
• Ability to work in a fast-paced environment, and across multiple time zones.
• Detail oriented self-starter who can work independently with minimal supervision.
• Experience in financial or insurance industry preferred.
• Experience operating in a global environment including familiarity with local laws and regulations in foreign countries.
• Strong organizational and time management skills
• Commitment to advancing skills in the cybersecurity field.

At AIG, we value in-person collaboration as a vital part of our culture, which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive, connected environment for our team and clients alike.

Enjoy benefits that take care of what matters

At AIG, our people are our greatest asset. We know how important it is to protect and invest in what's most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development—to bring peace of mind to you and your family.

Reimagining insurance to make a bigger difference to the world

American International Group, Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the world's most far-reaching property casualty networks. It is an exciting time to join us — across our operations, we are thinking in new and innovative ways to deliver ever-better solutions to our customers. At AIG, you can go further to support individuals, businesses, and communities, helping them to manage risk, respond to times of uncertainty and discover new potential. We invest in our largest asset, our people, through continuous learning and development, in a culture that celebrates everyone for who they are and what they want to become.

Welcome to a culture of inclusion

We're committed to creating a culture that truly respects and celebrates each other's talents, backgrounds, cultures, opinions and goals. We foster a culture of inclusion and belonging through learning, cultural awareness activities and Employee Resource Groups (ERGs). With global chapters, ERGs are a cornerstone for our culture of inclusion. The talent of our people is one of AIG's greatest assets, and we are honored that our drive for positive change has been recognized by numerous recent awards and accreditations.

AIG provides equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities.  If you believe you need a reasonable accommodation, please send an email to   

Functional Area: