Director, Cyber Transformation in London

The Cyber Transformation Director is responsible for designing and driving AIG’s cybersecurity transformation program. This role will ensure that the Information Security Office (ISO) can respond effectively to accelerating technology change, emerging threats, and the velocity and scale of AI-driven cyber risks, while also continuing to maintain strong business-as-usual cybersecurity operations and a high degree of cyber hygiene throughout the transformation period.

Operating at enterprise scale, the role translates cyber and business strategy into an integrated, outcome-driven program consisting of formalized, well-governed change projects that will deliver measurable risk reduction and a demonstrable return on security investment. Success in the role will depend on the individual’s ability to mobilize, align, and sustain delivery across ISO, IT, and Business Units; often driving change through influence rather than direct control.

• Define, in partnership with the CISO, Deputy CISO, Enterprise Security Architecture, and key stakeholders, a multi‑year cyber transformation strategy and integrated program roadmap.
• Translate current-state challenges, evolving cyber and regulatory requirements, and emerging technology trends into a sequenced, prioritized, and well-governed program of work.
• Develop and own the transformation business case, securing stakeholder alignment and supporting the CISO with obtaining executive and Board‑level sponsorship and funding.
• Design and establish a cost‑effective, outcome‑driven hybrid delivery model, optimally blending best‑of‑breed system integrators, specialist consultancies, contractors, and internal capability.
• Act as an integrator across ISO, Group IT functions (Infrastructure, Cloud, Application Development etc.), and Enterprise Architecture to align cyber transformation initiatives with broader technology roadmaps, delivery capacity, and operational priorities.
• Drive end‑to‑end execution of a global, matrixed transformation program across all workstreams, coordinating internal teams (within and outside of ISO) and external delivery partners.
• Partner with the ISO and Enterprise Project Management Offices to establish and run effective programme governance, including KPIs, reporting rhythms, decision rights, and integrated management of risks, issues, dependencies, and interlocks across related change initiatives.
• Manage the program budget and maximize value realization from AIG’s strategic vendor and system‑integrator partnerships.
• Ensure delivered outcomes measurably reduce cyber risk and strengthen operational resilience, with all initiatives anchored to industry-recognized cyber frameworks (e.g., NIST CSF, Secure Controls Framework etc.).

• 15+ years of experience across cybersecurity, technology, and enterprise transformation, operating at senior levels within complex, global organizations.
• Proven history of defining transformation strategy and delivering multi‑year, multi‑geography change end‑to‑end, from program design and mobilization through execution and benefits realization.
• Deep understanding of core cyber security domains, including identity and access management (IAM), cloud security, SOC / SecOps, data protection, vulnerability management, and third‑party risk, together with a strong grasp of operational resilience and regulatory expectations.
• Substantial experience leading delivery through external partners, including Big 4 consultancies, system integrators, and specialist vendors, with accountability for outcomes, commercials, and delivery quality.
• Demonstrated experience engaging with boards, regulators, and senior nontechnical executives on cyber transformation, risk, and delivery progress.

• Transformation Judgement & Systems Thinking: Demonstrates the ability to reason across strategy, architecture, operating model, and delivery constraints as a coherent system.
• Program and Portfolio Discernment: Exhibits strong judgment over what matters most in complex change environments—distinguishing signal from noise, prioritizing constrained resources, and knowing when to intervene, reset direction, or allow delivery teams to progress.
• Global, Distributed Leadership Effectiveness: Able to operate effectively as part of a globally distributed leadership team, working across regions and time zones, and maintaining momentum, responsiveness, and decision quality when collaboration requires flexibility to engage with Japan‑ and US‑based stakeholders.
• Risk‑Informed Decision Making: Applies a mature, outcome-focused risk mindset that balances control strength, resilience, and business enablement.
• Executive Presence & Influencing Credibility: Brings presence, clarity, and confidence in senior forums. Able to influence executive and board‑level decisions through reasoned argument, evidence, and insight—rather than authority alone.
• Organizational & Matrix Leadership Maturity: Understands how large, matrixed organizations function in practice. Navigates competing priorities, incentives, and power structures effectively.
• Commercial Realism & Partner Savviness: Demonstrates sophistication in working with external partners, recognizing common delivery and commercial failure modes.
• Delivery Resilience & Adaptive Leadership: Maintains effectiveness when complexity, ambiguity, and pressure are high.
• Modern Security Architecture & Threat‑Informed Design Thinking: Brings a contemporary security architecture mindset shaped by rapidly evolving threat dynamics.

On a day‑to‑day basis, this role reports to the Global Deputy CISO. Given the strategic importance of the transformation program, the role also maintains a dotted‑line reporting relationship to the Global CISO.

• Bachelor’s degree or equivalent professional experience in Information Security, Computer Science, Engineering, or a related discipline.
• Recognized cybersecurity certification(s) such as CISSP or equivalent, demonstrating breadth across security domains and risk management.
• Formal program and project delivery certification (e.g., PRINCE2 Practitioner, MSP or equivalent), evidencing structured execution of large‑scale change.

At AIG, we value in-person collaboration as a vital part of our culture, which is why we ask our team members to be primarily in the office. This approach helps us work together effectively and create a supportive, connected environment for our team and clients alike.

At AIG, our people are our greatest asset. We know how important it is to protect and invest in what’s most important to you. That is why we created our Total Rewards Program, a comprehensive benefits package that extends beyond time spent at work to offer benefits focused on your health, wellbeing and financial security—as well as your professional development—to bring peace of mind to you and your family.

American International Group, Inc. (AIG) is a global leader in commercial and personal insurance solutions; we are one of the world’s most far-reaching property casualty networks. It is an exciting time to join us — across our operations, we are thinking in new and innovative ways to deliver ever-better solutions to our customers.

We’re committed to creating a culture that truly respects and celebrates each other’s talents, backgrounds, cultures, opinions and goals. We foster a culture of inclusion and belonging through learning, cultural awareness activities and Employee Resource Groups (ERGs).

AIG provides equal opportunity to all qualified individuals regardless of race, color, religion, age, gender, gender expression, national origin, veteran status, disability or any other legally protected categories.

AIG is committed to working with and providing reasonable accommodations to job applicants and employees with disabilities. If you believe you need a reasonable accommodation, please send an email to candidatecare@aig.com.