The Role
Digital & Information technologies are empowering customers like never before, transforming how they discover, explore, buy and engage with brands and products. This dynamic environment is putting IT and digital at the forefront of business transformation. IAG's strategy is to build our digital DNA and create the best digital insurance and ancillary company globally by moving towards more open systems and connecting with partners.
In doing this IAG needs to ensure that our uplift in Digital capability is matched with a significant uplift in our information security governance and reporting capability. Working with business and technology stakeholders, you will manage compliance to IAG security Policies and Standards, develop & operate security governance processes and report on IAG's security threats, controls and risks. You will utilise a pragmatic approach that balances defending the enterprise while enabling the business to seize opportunities in an agile manner.
You will be a key member of a team responsible for ensuring appropriate cyber risk management is performed and information and insights are provided to key decision makers at the right time and quality. You will also build and maintain strong stakeholder relationships to contribute to the IAG technology strategy and direction, including the identification and introduction of key technology change initiatives.
Develop and maintain the Enterprise Security Policy and Standards documents (e.g., Policy, standards, guidelines, frameworks and procedures) that are pragmatic and effective in managing Cyber risk to within risk appetite
Manage Cyber security standard exemption records throughout their lifecycle, ensuring appropriate risk mitigation and risk acceptances are properly recorded and documented actions are completed
Provide security governance and oversight of major technology partner services, ensuring technology services are delivered to IAG in a secure manner.
Coordinate "Line 1" Operational risk management activities for Corporate Security Group business unit, including regular reviews of business unit risk profile and controls across all Operational risk classes, not just Cyber
Develop, maintain and distribute operational, management and executive targeted security reports, ensuring pertinent security information and insights are available to decision makers in a timely and quality manner.
Knowledge of security technical control domains such as Identity & Access Management; Threat Intelligence; Vulnerability Management; Security Incident Management; Application, Infrastructure, Data and Network Security
Strong risk management and negotiation skills
Demonstrated vendor management preferred
Cross-cultural listening skills
Strong communication & writing skills (English) and experience authoring policy and compliance documents.
Operational Reporting and data visualisation
Insight into the way that digital transformation and security threats are affecting our industry
Qualifications, Skills & Experience
Demonstrated experience and capability in technology risk management, technology governance, technology compliance or equivalent domains
Demonstrated experience in Cybersecurity risk management.
Experience in business reporting development at Strategic, Operational and Tactical levels.
Experience in developing and monitoring Key Risk Indicators and Key Performance Indicators.
Experience in Financial Services industry preferred
Proven capacity for building relationships and influencing senior stakeholders
Experience with frameworks such as NIST CSF, NIST SP 800-53, ISO27001/2, ISO31000, COBIT
Familiarity with industry regulation, including APRA Prudential Standards, Australian Privacy Act and PCI-DSS
Experience with Governance, Risk and Compliance (GRC) tools such as ServiceNow GRC, Nasdaq Bwise, RSA Archer
Relevant tertiary qualifications in a field related to the role (technology or commercial)
Relevant professional memberships and certifications
CRISC, CISM, CGEIT qualifications highly regarded
About Us
At IAG, we believe that everyone has a unique point of view to share, shaped by their life experiences, cultures & passions. We celebrate and commit to:
#Proud to be me - we value difference, not sameness
#Together - harnessing our collective wisdom enables us to be our best for our customers & each other
#No boxes - it's not about labels, boxes or categories. It's about building a diverse and inclusive mindset into everything we do
IAG is the largest general insurance group in Australia and New Zealand. IAG owns some of the region's most trusted brands, including NRMA Insurance, CGU, SGIO, SGIC and WFI.
Let's Talk
Start your career journey with us and click 'Apply'! Applications will close Monday 3rd February. In addition to a diverse and inclusive culture, some of our benefits include 13% superannuation, 50% insurance discounts, flexible work and leave options, generous parental leave and return to work program, recognition and reward program, and various corporate partner discounts.
We encourage Aboriginal and Torres Strait Islanders to apply for this position.