Your future team
Our technology teams collaborate with their worldwide colleagues and partners every day to take on the challenges of providing IT support to one of the world's leading financial services firms. We're people who believe that with the right values and hard work, anything is possible.
We know that if we're at our best, that enables our customers to be their best and realize their dreams and hoped-for successes.
The Information Technology group provides enterprise-wide IT solutions for all of AIG's specialized disciplines. Technology provides strategic and procedural support in all of AIG's specialized disciplines, such as policy issuance, premium collection, claims handling, and administration. It enables AIG to deliver business strategies through efficient world-class IT and operations services, while ensuring the necessary IT risk management and security measures are in place.
The AIG ISO Corporate Security Operations Team Extension supports a number of proponents of various services in three areas:
(a) Security Assessments, which include SSA and EXREQ; (b) Security Monitoring - DLP Event Review, WFCR and ECC Review; (c) RSA AA Security Support, which includes Policy Management (ITSEC), User Activities review and investigation (SOC) and User Provisioning (SecAdmin).
Your contribution at AIG
As an influencer at AIG, people come to you as a go-to source for help and support because of your deep knowledge and expertise.
As a more experienced team member, you are capable of driving continual improvement and impacting the way that things get done.
Because of your influence, whether direct or indirect, we are able to deliver powerful outcomes for our clients.
Provide security assessments on the following: Software Security Assessment (SSA), Application Scanning Request (APPSCAN), and Exception Request (EX-REQ)
Perform and Review Application Threat and Vulnerability Assessment
Perform and Review IT Security Risk Assessment
Review and process external network connectivity requests
Review and process requests for exception or exemption to IT Security standards
Identify gaps and areas for improvement during audits / IT assessments
Come up with recommendations for remediation of areas identified during audit / IT assessments
Follow through on ensuring key remediation efforts are implemented
Ensure IT Security assessment program minimizes risks associated with business partners and vendors.
Perform other duties & responsibilities as required or assigned by the Lead Information Security Risk Analyst.
Specific Tasks - SOC Monitoring:
Investigate new cases in Case Management and monitor such for at least two weeks to check for any patterns and unusual behavior.
Review the Case Management logs to check for inconsistencies in user behavior, such as access from a non-business country and possible sharing of accounts.
Report any accounts that are of interest to the Business Partners if the security incident persists for the duration of the review.
Report the general health and statistics for the RSA-AA logs.
Identify changes that need to be made to improve the overall security controls with regard to the use of RSA-AA, such as changes to the policies / rules, risk score baselines and lists.
Specific Tasks - IT Security:
Approve, test and implement any RSA-AA Back Office Production changes to the: (a) Security settings in the Administration tab of the Back Office module; and (b) Policy / rules in the Policy Management tab of the Back Office module
Document all changes within the ServiceNow Change Request, following AIG Change Control Procedures in the process of implementing these changes.
Specific Tasks - Security Administration:
Provision user accounts in the RSA A-AA Access Management module for new back office user requests.
Edit user accounts' access privileges in the RSA A-AA Access Management module for existing user accounts.
What we are looking for
Minimum 2 to 3 years of experience in IT Risk Management, IT Audit, and Information Security.
Experience in coordinating IT security Audit engagements
Experience with highly regulated industry compliance requirements; insurance industry expertise preferred (not mandatory)
Experience in IT or security disciplines such as authentication and authorization models, data protection methods, networking, firewall models, common application security models, investigations, application scanning, threat and vulnerability management processes.
Knowledge and experience in McAfee DLP, Anti-Virus, Network Security, Network Designs, Firewalls, and Virtual Private Networks.
Proven track record of on-time, on-budget audits
Familiar with IT Security Audit Requirements
Familiar with Quality and Risk Management Process
Familiar with SDLC Framework
Familiar with any of the Regulatory Standards (e.g. Risk IT, COBIT, ISO, ITIL)
A related Bachelor's degree or equivalent work experience
Certification in either Security+ or CISA is highly desired but not mandatory for this role
Very proficient with Microsoft Project, PowerPoint, Excel and Word