Senior IT Security Architect

Join us as a Senior IT Security Architect to play your part in that transformation. It’s an opportunity to grow your skills and experience as a valued member of the team.

• Work with cross-functionals AIG global information security teams, AIG business and applications teams, data, network, and cloud services to secure AIG’s global applications landscape.
• Act as a design authority on cloud application security during the “Permission to Build” and “Permission to Operate” process.
• Provide support and guidance in designing complex business and operations security solutions.
• Use cloud Service APIs (e.g., AWS APIs), SaaS solutions (e.g., SIEM, XDR, Threat detection and Cloud native security services) to detect security blueprint violations (e.g., an unauthorized public exposure of AWS S3 bucket).
• Work with global cloud team and Business CIO team to remediate security violations for application architecture.
• Participate in defining architecture and process standards for the cybersecurity controls, implementation and operations.
• Contribute to evaluation, selection and configuration of cybersecurity products and services from vendors.
• Based on AIG’s cloud security strategy, identify cloud native solutions for security monitoring.
• Lead POCs for cloud security solutions.
• Work closely with AIG’s global incident response team to define use cases for cloud infrastructure, for example, what to do when a high-risk security violation is detected?
• Define cloud incident response procedure, severities and SLAs.
• Develop security requirements for the business use-cases and that meet AIG global security standards
• Work with infrastructure operations, application developers, administrators, consultants and vendors to build, configure, test and implement secured solutions that meet the business needs and are aligned and consistent with IT security strategies.
• Develop and implement principles of secure design within the architecture framework of the company – across IT, functions and across business lines
• Establish reference cybersecurity architectures that can be leveraged for scale and decentralized deployments to deliver the Cybersecurity controls and plan for Private and Public Cloud to support strategic business plan

• 8+ years of IT Security Architecture related work experience, preferably at a large, global organization.
• 3+ years of engineering and hands-on design and architecture of effective security controls and measurement in network and applications domains for large financial enterprise.
• Hands-on with development of applications security architecture for migration of IT workload to Cloud services.
• Expert knowledge and implementation experience of cloud security domains of IAM, SaaS, IaaS, PaaS, Applications and Data Security.
• Strong knowledge of DevSecOps, security policies and incident response.
• Proven expertise in building a defense in depth infrastructure security architecture that includes security controls across multiple technology stacks.
• Strong understanding of how cloud data breach can occur. Understand how adversary might compromise various cloud services and how to prevent, detect and respond.
• Cloud Services (AWS/Azure/GCP) experience in migration of applications to the cloud, automation through various tools both AWS native and third-party.
• Implement Configuration Management and Infrastructure as Code (e.g. Chef, CloudFormation, Terraform, Puppet).
• Experience in DevOps environments and automating security controls into the CI/CD process.
• Ability to work across all layers of an application and technology infrastructures.
• Ability to work with development teams to deliver high-quality security architectures.
• Trusted Advisor – the person needs to possess the personality and behaviors (diplomatic, tenacious and tactful) to rapidly establish themselves as trusted advisors to the business and as interpreters for the development of IT security solutions.
• Practical Futurist – need to have shown that they can be ready for ‘unpredictable’ risks and opportunities, developing architectures that are resilient enough to keep up with the evolution of the enterprise and cyber threat landscape.
• Commercial acumen – needs to be familiar with ‘Do more for less’, be able to identify and work with stakeholders to collect, aggregate and evaluate requirements in light of current and future technology resources and budgets.
• Bachelor’s degree in information technology, computer science or equivalent work experience.
• Master's degree preferred.

• 401k matching
• Health insurance
• Flight privileges
• Total Rewards Program

At AIG, technology is at the heart of everything we do, from underwriting risks to processing claims. The Information Technology (IT) team equips our colleagues with the latest tools to complete their work efficiently, with the highest standards of excellence.