Cyber Risk Advisor

American International Group, Inc. (AIG) - UAE

Cyber Risk Advisor EMEA region

Location: multiple locations in Continental Europe or Middle East region

American International Group, Inc. (AIG) is a leading global insurance organization. Building on 100 years of experience, today AIG member companies provide a wide range of property casualty insurance, life insurance, retirement solutions, and other financial services to customers in more than 80 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets, manage risks and provide for retirement security.

General Insurance is a leading provider of insurance products and services for commercial and personal insurance customers. It includes one of the world s most far-reaching property casualty networks. General Insurance offers a broad range of products to customers through a diversified, multichannel distribution network.

The Cyber Risk Advisor will act as a subject matter expert for AIG related to cyber risk and threats and provides knowledge and support across AIG cyber offering related to cyber risks, threat landscape and cyber security controls and processes. This role will work with regional and country leaders to determine strategy, areas of focus and guide the team in delivering advisory support to enable the business to meet and exceed our results. This role will be evaluating, recommending, and negotiating with external Partners, providing expertise and skills transfer to internal AIG key resources and constituents, and interfacing with external parties to alert on existing high-risk vulnerabilities, to develop and deliver selected loss control services, to present to large audiences on AIG cyber strategy and approach and to perform business development activities.

The Cyber risk Advisor will directly lead and contribute to the achievement of AIG Cyber global financial goals and ransomware specific coverage strategies.

What you need to know:

• Evaluate the existing risk controls that shield the assets: infosec tools, legal contracts, insurance policies. Then find gaps where perils and vulnerabilities could cause unanticipated losses and liabilities. Provide cyber advisory service to improve the risk quality of accounts.

• Quantify the probability and severity of potential direct and indirect impacts, e.g., liabilities, fines, interruptions, corruptions, opportunity costs, contingent impacts to others.

• Develop and maintain security subject matter expertise.

• Envision and help develop new insurance and cyber risk-service offerings that can be offered to existing clients. Devise remediation plans for new cyber clients and industry groups.

• Expand AIG's offering to encompass all aspects of risk management: how to avoid, prevent, mitigate, legally transfer, and financially insure new and emerging risks of hazards discovered in engagements.

• Present high-level risk reviews and analyses to executive committees, industry leaders, privacy regulators, and national-security organizations.

• Work with other business leaders to determine what underwriting teams and brokers require additional support in cyber security education, thought leadership and sales training around service offering and lead the team in delivering this support.

• Investigate and evaluate existing and new ways to revise and improve the cyber risk engineering process.

• Research, identify, evaluate, select, and negotiate with Partners to expand the value-add services AIG brings to cyber risk management.

• Ensure team is identifying areas of weakness within applicant or renewing clients controls and work with internal resources and external resources to create solutions to improve our clients risk profile.

• Conduct cyber risk advisory services and work with vendors and internal engineers to deliver fee generating services.

• Provide key analytics to AIG's client base.

• Lead the completion of all Cyber Claims Taxonomies for the countries assigned for all cyber claims capturing metadata on Actor, Action, Attribution and Assets.

• Develop talent and process for the alerting process leveraging existing tools and capabilities to identify and help remediate existing high-risk vulnerabilities.

• Educate clients, applicants, brokers, and underwriters on the alerting process.

• Assist with product launches and public speaking engagements.

• Develop thought leadership materials related to cyber security

• Experience working in or with Incident Management teams will be viewed favourably

What we re looking for (Job requirements):

• Bachelor's Degree, ideally in Engineering or similar fields

• Strong Technical Cybersecurity expertise focused on key risks notably ransomware tactics, techniques and procedures

• Consulting or Technology consulting experience is a plus

• Excellent cyber risk advisory skills to help clients improve their cyber risk profile and achieve a better security posture.

• Excellent understanding of the global cyber threat landscape and emerging risks such as Artificial Intelligence, cloud security and quantum computing

• Partner experience

• Penetration Testing and/or Forensic Investigation Skills

• Business Development experience preferred

• Demonstrable experience with investigative tools