JOB SUMMARY

The Technology Risk & Controls Manager is an integral part of the Technology Risk and Controls (TRC) team. The Japan TRC team is responsible for risk management that includes internal and external audits and regulatory examinations, IT Regulatory assessments, IT internal controls, governance for IT security, system development, computer operation and management reporting.

Key responsibilities will include, but are not limited to: managing IT regulatory compliance; overseeing Internal Audit reviews, issues and action plans; enhancing and reporting on Key Risk Indicators; and policy adoption and implementation. This position will work closely with other TRC members as well as management across IT, Risk, and Internal Audit.

JOB DESCRIPTION

The Technology Risk & Controls Manager will be responsible for numerous critical initiatives, including the following:  

Manage Risk Associated with the Transformation ProgramMonitor progress of Japan’s Transformation Program, identifying risks early and working with the Japan CIO to address themCommunicate delays for transparencyWork with the CIO to confirm appropriate governance is in place for IT spending, IT changes, etc.

Manage IT Regulatory Compliance:When a new or updated regulation is identified, conduct a regulatory assessment to assess compliance with the regulation and identify gapsDraft action plans to address the gaps and work with key stakeholders to establish ownership of the gapsObtain approval of the plans by senior leadership and the owners of the action plansMonitor action plans, understanding where there are significant issues, and what can be done to address these issues, escalating as appropriate  Collaborate with Risk to understand emerging risks stemming from these regulationsManage technology regulatory inquiries and requests for information for technology and cyber (coordination, data collection, status reporting)

Oversee IT’s Internal Audit issues:Partner with Internal Audit and IT functions to identify and understand all issuesSupport and drive the drafting of the Action Plans, confirming that they address the root cause of the issuesMonitor Action Plans, understanding where there are significant issues, and what can be done to address these issues, escalating as appropriate  

Key Risk Indicators:Extract key data points monthlyUse these data to create and track Key Risk Indicators each monthReport on these KRIs at the IT Risk Committee meetingWhen issues arise, work with IT teams to investigate to identify the root cause and resolve them

Adopt and Implement IT’s policies and standards  Provide feedback to policy and standard owners to review and refresh the existing policy suiteIdentify gaps and drive strategic change/improvementOnce the policies and standards are updated and published, provide training in JapanImplement the policies and standards in Japan

JOB REQUIREMENTS

Experience

10+ years of experience within technology risk, control, and governance, IT Internal Audit or SOX disciplines in financial industryCandidate must be Bilingual (Japanese and English)Bachelor’s degree requiredStrong expertise in SOX framework nice to haveExperience analyzing risk throughout the development life cycle of business applications.Demonstrated knowledge of internal and external controls required in a regulated insurance company environment including Japanese Personal Information Protection Act.Ability to oversee multiple processes, action plans and key stakeholders simultaneouslyExperience raising awareness of issues to key stakeholders across technology

Core Skills

Demonstrate robust analytical skillsProven track record of drawing conclusions, making decisions, and using data to solve problemsAbility to define solutions from ambiguous scenariosMaintain excellent interpersonal and oral/written communication skillsActive listenerAbility to drive change through influenceExcellent negotiation, collaboration, facilitation, and coordination Negotiate prioritization and treatment of risk issues based on level of risk

JOB SUMMARY

テクノロジーリスク＆コントロールマネージャーは、テクノロジーリスク＆コントロール（TRC）チームの重要なメンバーです。日本のTRCチームは、内部および外部監査、規制当局による審査、IT規制評価、IT内部統制、ITセキュリティのガバナンス、システム開発、システム運用、管理報告などを含むリスク管理を担当しています。

主な職務内容は、IT規制遵守のためのガバナンス管理、内部監査レビュー・課題・アクションプランのモニタリング、主要リスク指標（KRI）の強化と報告、会社のITポリシーの適用と実施など多岐にわたります。本ポジションは、他のTRCメンバーやIT、リスク、内部監査部門のマネジメントと密接に連携して業務を遂行します。

JOB DESCRIPTION

テクノロジーリスク＆コントロールマネージャーは、以下を含む多数の重要なイニシアチブを担当します。

トランスフォーメーションプログラムに関連するリスク管理日本のトランスフォーメーションプログラムの進捗を監視し、リスクを早期に特定し、日本CIOと連携して対応 透明性確保のため遅延を報告CIOと協力し、IT支出やIT変更等に関する適切なガバナンス体制の確認

IT規制遵守の管理 新規または更新された規制が特定された際、規制評価を実施し、遵守状況とギャップを特定ギャップ解消のためのアクションプランを策定し、主要関係者と協力してオーナーシップを特定シニアリーダーシップおよびアクションプランオーナの承認を取得アクションプランの進捗を監視し、重大な課題や対応策を把握し、必要に応じてエスカレーションリスク部門と連携し、規制に起因する新たなリスクを把握テクノロジーおよびサイバー関連の規制当局からの照会・情報要求への対応（調整、データ収集、進捗報告）

IT監査における課題の管理内部監査およびIT部門と連携し、全ての課題を特定アクションプランの策定を支援・推進し、根本原因への対応を確認アクションプランの進捗を監視し、重大な課題や対応策を把握し、必要に応じてエスカレーションを実施

主要リスク指標（KRI）の管理毎月、ITリスクに関する主要なデータをトラッキング・抽出し、KRIレポートを作成ITリスク委員会等でKRIを報告課題発生時はITチームと連携し、根本原因の調査・解決

ITポリシーおよびスタンダードの適用・実施ITポリシー・スタンダードのオーナーにフィードバックを提供し、既存ポリシーの見直し・刷新を推進ギャップを特定し、戦略的な改善を推進ITポリシー・スタンダードの更新・公開後、必要に応じてトレーニングを実施日本国内でのポリシー・スタンダードの適用を実施

JOB REQUIREMENTS

経験

金融業界におけるテクノロジーリスク、コントロール、ガバナンス、IT監査またはSOX分野で10年以上の経験日本語・英語必須学士号SOXフレームワークの高度な知識があれば尚可業務アプリケーションの開発ライフサイクル全体にわたるリスク分析経験保険会社で求められる内部・外部統制（日本の個人情報保護法を含む）に関する知識複数のプロセス、アクションプラン、主要関係者を同時に管理する能力テクノロジー部門全体の主要関係者に課題認識を促す経験

コアスキル

高度な分析力結論を導き意思決定を行い、データを活用して課題を解決した実績不明確な状況から解決策を定義する能力優れた対人・口頭／書面コミュニケーション能力傾聴力影響力を活用したトランスフォーメーション等の推進力優れた交渉力、協働力、ファシリテーション力、調整力リスクレベルに応じた課題の優先順位付け・対応方法の交渉

At AIG, we value in-person collaboration as a vital part of our culture, which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive, connected environment for our team and clients alike.

Enjoy benefits that take care of what matters

At AIG, our people are our greatest asset. We know how important it is to protect and invest in what’s most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development—to bring peace of mind to you and your family.

Reimagining insurance to make a bigger difference to the world

American International Group, Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the world’s most far-reaching property casualty networks. It is an exciting time to join us — across our operations, we are thinking in new and innovative ways to deliver ever-better solutions to our customers. At AIG, you can go further to support individuals, businesses, and communities, helping them to manage risk, respond to times of uncertainty and discover new potential. We invest in our largest asset, our people, through continuous learning and development, in a culture that celebrates everyone for who they are and what they want to become.

Welcome to a culture of inclusion

We’re committed to creating a culture that truly respects and celebrates each other’s talents, backgrounds, cultures, opinions and goals. We foster a culture of inclusion and belonging through learning, cultural awareness activities and Employee Resource Groups (ERGs). With global chapters, ERGs are a cornerstone for our culture of inclusion. The talent of our people is one of AIG’s greatest assets, and we are honored that our drive for positive change has been recognized by numerous recent awards and accreditations.

AIG provides equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities.  If you believe you need a reasonable accommodation, please send an email to candidatecare@aig.com.  

Functional Area:

IT - Information Technology

AIG Business Partners KK