Director, Cyber Transformation

The Cyber Transformation Director is responsible for designing and driving AIGs cybersecurity transformation program. This role will ensure that the Information Security Office (ISO) can respond effectively to accelerating technology change emerging threats and the velocity and scale of AI-driven cyber risks while also continuing to maintain strong business-as-usual cybersecurity operations and a high degree of cyber hygiene throughout the transformation period.

Operating at enterprise scale the role translates cyber & business strategy into an integrated outcome-driven program consisting of formalized well-governed change projects that will deliver measurable risk reduction and a demonstrable return on security investment.

Success in the role will depend on the individuals ability to mobilize align and sustain delivery across ISO IT and Business Units; often driving change through influence rather than direct control.

Key Responsibilities

• Define in partnership with the CISO Deputy CISO Enterprise Security Architecture and key stakeholders a multiyear cyber transformation strategy and integrated program roadmap.

• Translate current-state challenges evolving cyber and regulatory requirements and emerging technology trends into a sequenced prioritized and well-governed program of work.

• Develop and own the transformation business case securing stakeholder alignment and supporting the CISO with obtaining executive and Boardlevel sponsorship and funding.

• Design and establish a costeffective outcomedriven hybrid delivery model optimally blending bestofbreed system integrators specialist consultancies contractors and internal capability.

• Act as an integrator across ISO Group IT functions (Infrastructure Cloud Application Development etc.) and Enterprise Architecture to align cyber transformation initiatives with broader technology roadmaps delivery capacity and operational priorities.

• Drive endtoend execution of a global matrixed transformation program across all workstreams coordinating internal teams (within and outside of ISO) and external delivery partners.

• Partner with the ISO and Enterprise Project Management Offices to establish and run effective programme governance including KPIs reporting rhythms decision rights and integrated management of risks issues dependencies and interlocks across related change initiatives.

• Manage the program budget and maximize value realization from AIGs strategic vendor and systemintegrator partnerships.

• Ensure delivered outcomes measurably reduce cyber risk and strengthen operational resilience with all initiatives anchored to industry-recognized cyber frameworks (e.g. NIST CSF Secure Controls Framework etc.).

Essential Experience

• 15 years of experience across cybersecurity technology and enterprise transformation operating at senior levels within complex global organizations.

• Proven history of defining transformation strategy and delivering multiyear multigeography change endtoend from program design and mobilization through execution and benefits realization.

• Deep understanding of core cyber security domains including identity and access management (IAM) cloud security SOC / SecOps data protection vulnerability management and thirdparty risk together with a strong grasp of operational resilience and regulatory expectations.

• Substantial experience leading delivery through external partners including Big 4 consultancies system integrators and specialist vendors with accountability for outcomes commercials and delivery quality.

• Demonstrated experience engaging with boards regulators and senior nontechnical executives on cyber transformation risk and delivery progress.

Core Competencies

• Transformation Judgement & Systems Thinking

  • Demonstrates the ability to reason across strategy architecture operating model and delivery constraints as a coherent system. Understands second- and third-order impacts of cyber transformation decisions on cost resilience risk posture and organizational capacity.

• Program and Portfolio Discernment

  • Exhibits strong judgment over what matters most in complex change environmentsdistinguishing signal from noise prioritizing constrained resources and knowing when to intervene reset direction or allow delivery teams to progress. Comfortable making informed tradeoffs under uncertainty.

• Global Distributed Leadership Effectiveness

  • Able to operate effectively as part of a globally distributed leadership team working across regions and time zones and maintaining momentum responsiveness and decision quality when collaboration requires flexibility to engage with Japan and USbased stakeholders.

• RiskInformed Decision Making

  • Applies a mature outcome-focused risk mindset that balances control strength resilience and business enablement. Understands how cyber frameworks translate into real-world assurance and exercises judgment in applying standards proportionately based on context.

• Executive Presence & Influencing Credibility

  • Brings presence clarity and confidence in senior forums. Able to influence executive and boardlevel decisions through reasoned argument evidence and insightrather than authority alonewhile providing credible challenge when risk delivery or ambition are misaligned.

  • Establishes trust and momentum across both technical and business stakeholders translating cyber intent into shared ownership rather than perceived ISOled mandate.

• Organizational & Matrix Leadership Maturity

  • Understands how large matrixed organizations function in practice. Navigates competing priorities incentives and power structures effectively enabling progress without relying on formal authority.

  • Comfortable leading complex change multiple internal teams where authority is distributed incentives differ and alignment must be created through credibility persistence and pragmatism.

• Commercial Realism & Partner Savviness

  • Demonstrates sophistication in working with external partners recognizing common delivery and commercial failure modes. Brings realism to sourcing vendor performance and dependency risk with an instinct for driving accountability without over-engineering governance.

• Delivery Resilience & Adaptive Leadership

  • Maintains effectiveness when complexity ambiguity and pressure are high. Adapts leadership style to context stays outcomesfocused during disruption or escalation and provides steadiness and direction when conditions are uncertain or deteriorating.

• Modern Security Architecture & ThreatInformed Design Thinking

  • Brings a contemporary security architecture mindset shaped by rapidly evolving threat dynamics including AI-enabled attack techniques. Moves beyond static control-centric or checklist-driven approaches instead emphasizing adaptive architectures trust boundaries identity-centric design data-centric protection and resilience by design. Demonstrates the ability to question legacy assumptions anticipate how threat capabilities are changing and guide the organization toward security models fit for the environment it is becomingnot merely the one it has historically optimized for.

Reporting Line

• On a daytoday basis this role reports to the Global Deputy CISO.

• Given the strategic importance of the transformation program the role also maintains a dottedline reporting relationship to the Global this capacity the role partners closely with the CISO to shape program scope priorities and the overall business case and is accountable for steering endtoend delivery.

• The role requires extensive collaboration with senior technology and security leaders including the Group CIO CTO and Heads of IAM Security Engineering Security Operations Threat Management Security Architecture and the Office of the CISO. The role is expected to work horizontally across IT and Business leadership acting as a unifying force that aligns the cyber transformation agenda with IT and business priorities.

• This role is a member of the ISO Extended Leadership Team.

Education & Qualifications

• Bachelors degree or equivalent professional experience in Information Security Computer Science Engineering or a related discipline.

• Recognized cybersecurity certification(s) such as CISSP or equivalent demonstrating breadth across security domains and risk management.

• Formal program and project delivery certification (e.g. PRINCE2 Practitioner MSP or equivalent) evidencing structured execution of largescale change.

At AIG we value in-person collaboration as a vital part of our culture which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive connected environment for our team and clients alike.

Enjoy benefits that take care of what matters

At AIG our people are our greatest asset. We know how important it is to protect and invest in whats most important to you. That is why we created our Total Rewards Program a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health wellbeing and financial securityas well as your professional developmentto bring peace of mind to you and your family.

Reimagining insurance to make a bigger difference to the world

American International Group Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the worlds most far-reaching property casualty networks. It is an exciting time to join us across our operations we are thinking in new and innovative ways to deliver ever-better solutions to our customers. At AIG you can go further to support individuals businesses and communities helping them to manage risk respond to times of uncertainty and discover new potential. We invest in our largest asset our people through continuous learning and development in a culture that celebrates everyone for who they are and what they want to become.

Welcome to a culture of inclusion

Were committed to creating a culture that truly respects and celebrates each others talents backgrounds cultures opinions and goals. We foster a culture of inclusion and belonging through learning cultural awareness activities and Employee Resource Groups (ERGs). With global chapters ERGs are a cornerstone for our culture of inclusion. The talent of our people is one of AIGs greatest assets and we are honored that our drive for positive change has been recognized by numerous recent awards and accreditations.

AIG provides equal opportunity to all qualified individuals regardless of race color religion age gender gender expression national origin veteran status disability or any other legally protected categories.

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities. If you believe you need a reasonable accommodation please send an email to .

#AIGPP

Functional Area: