IT Compliance Specialist/Engineer - Software Security Assurance (PCK333-213903) Houston, Texas

- Coordinate software security assessments and ongoing application layer security monitoring with the third party vendor(s) globally.

- Assist in the execution of AIG's Software Security Assurance program supporting all Corporate Functions and Business Units.

- Work with Business application development team members to remediate risk issues identified in the software security assurance assessments.

- Act as subject matter expert providing assessments of application risk as appropriate when required.

- Responsible for contributing information regarding software assurance in assessing and evaluating potential risks involved in granting exceptions and ensuring alignment with the defined information security policies and standards.

- Coordinate with IT and the business stakeholders to ensure effective communication, updating, and maintenance of the Software Assurance Program at the global level supporting all Corporate Functions and Business Units.

- Have a thorough understanding of the IT policies and standards and IT policy lifecycle management process.

- Have a thorough understanding of the common and uncommon threats and vulnerabilities related to applications, architectures and databases.

- Have a thorough understanding of the common and uncommon threats and vulnerabilities related to thin client, thick client, mobile and virtualized applications.

- Monitor and track all Software Assurance Processes in a centralized repository.

- Work with corporate and business unit IT security and compliance representatives to improve process, technology and communications.

- Support corporate and business units in developing action plans to remediate their identified exceptions/issues/findings.

- Support periodic reports/KPIs/metrics regarding risk management processes and action plan closure status, schedule, and trends identified during ongoing examinations, audits, and assessments.

- Establishes and maintains strong working relationships with the Divisional CISOs and other groups involved with application security matters (Legal, Internal Audit, Physical Security, Information Security Management Committee, etc.).

- Brings pressing information security risks to management's attention so that remedial action can be taken.

- Examines information security risks from a cross-organizational viewpoint including internal and external risks, from a security and compliance perspective and makes appropriate recommendations to protect the company from applicable risks and vulnerabilities.

- Participates as a technical advisor for a variety of ad-hoc information security projects that will be dictated by current business and technological developments.

- Professional Information Security Certification(s) (CISSP, CISM, GIAC, etc.).

- Minimum of 5 years' experience in Information Security and IT in general.

- Expert knowledge of common application vulnerabilities and their exploitation.

- Clear understanding of various application architectures and their impact on application security.

- Experience with Software Security Assurance Testing Tools.

- Ability to identify mitigating controls.

- Ability to effectively communicate risks of application vulnerabilities.

- Knowledge of Electronic Data Interchange (EDI).

- Knowledge of XML based Web Services.

- Excellent written and oral skills in English.

- Software development experience preferred.

- Familiarity with WhiteHat Security testing protocols strongly preferred.

- Experience within the financial services industry helpful.

- Bachelor's or master's degree in computer science, information systems, engineering, or a related discipline or equivalent experience.

- Experience with technical aspects of IT including networks, servers, application architecture and related information security, regulatory and associated risk issues.

- Experience performing audits, security, vulnerability, penetration tests, assessments and evaluations.

- Ability to clearly interpret and communicate the threats, risks and impacts to all levels of the organization.

- Experience with risk and compliance tools such as Archer and OpenPages is a plus.

- Extensive experience with Word, PowerPoint, Excel.

- High level critical thinking and strategic planning skills.

- Excellent written and verbal communications, effective interpersonal skills, strong formal presentation abilities.

- Project management skills are a plus.
