Bring your career aspirations to life with AIA!

Responsible for ensuring the security and integrity of AIA's information systems and cyber environment

We are looking for security architecture who has strong hands-on experiences in designing and/or reviewing Cloud Security for various inter-connected application and infrastructures, especially in the area of Cloud authentication, authorization, information protection, Compliance and cryptographic controls for both cloud environment and on-premise. This position is responsible for providing security consultation, security design review, application assessment and cloud migration for the strategic digital solutions across technology to ensure secure solutions for business growth.

ROLES & RESPONSIBILITIES:

Cloud Security and Information Protection

• Design and/or review application security architecture proposal for various security-driven initiatives or business-driven initiatives for cloud environment
• Design and/or review authentication and authorization flow of the applications in the Cloud, whether it is aligned with security best practices and organization's IT security technology policy & procedure in terms of the strength of access controls, session management, cache management, cookie management, token management, cryptographic algorithm, and information/data protection.
• Provide feasible application security architecture review and recommendations or guidance based on proposed application changes either it is initiated by application development team or business users.
• Assess the security aspect of new proposed application tools / platforms from application team, and relevance/consequences to existing security architecture
• Work closely with application development team to proactively stay on top of latest secure application architecture design to deliver thorough security recommendation aligned with organization's IT security technology policy & procedure.
• Work with application team to provide Cloud security advisory and perform Cloud security assessment for the application migration to the Cloud
• Facilitate challenging application security architecture conversations and provide acceptable solutions where IT standards are contradicting with business demands to achieve acceptable business solutions without sacrificing security and compliance aspects.
• Interpret security and technical requirements into business requirements and communicate security risks to relevant stakeholders ranging from business leaders to engineers.
• Direct and influence multi-disciplinary teams in implementing and operating Cyber Security controls in the Cloud.
• Collaborate with application developers and database administrators to deliver creative solutions to difficult technology challenges and business requirements.
• Execute security architectures for cloud cloud/hybrid systems.
• Responsible for automating security controls, data and processes to provide improved metrics and operational support.
• Stay abreast of emerging security threats, vulnerabilities and controls.
• Spot and execute new security technologies and best practices into the company’s Cloud offerings.

Specialized Information Security Domains

• The role may be called upon to lead or be involved in reviewing or standardizing the information security architecture across key digital solutions especially on cloud security, application security and data security.
• Assist in security review and coordination for Technology division application development teams, where applicable
• Although this is an individual contributor role, the candidate should also expect to perform the role of a specialist mentor to the junior members of the staff within the team

JOB REQUIREMENTS:

• Education –

University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems)

• Experience –

• Minimum 10 years of experiences of information security domain, especially hands on experience for Cloud Security
• Preferable to have application development or Cloud Engineer background with hands-on experiences of designing and/or reviewing application security or infrastructure security in the Cloud (IaaS, PaaS, SaaS)
• Working experiences in insurance / banking / financial industry is preferred
• Certifications related to security architecture or Cloud Security is preferable, such as CCSP, Azure DevOps certification, Azure Solutions Architect certification, etc.
• Good interpersonal and communication skill
• Good team player with a high integrity, proactive mindset, and strong ownership

• Certifications/licenses –

• Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CISA, CRISC, CCSP

• Technical skills

• Cloud platform: Microsoft Azure
• OS: Windows, Linux
• Containerisation platform: docker
• Orchestration: Kubernetes
• Application framework: NodeJS, ReactJS, .NET, JSON
• API: Webmethods API Gateway, Experience API
• Code repository: GitHub, Bitbucket
• CI/CD pipelines: Azure DevOps, Bamboo, Jenkins
• Security scanning tools: Veracode, SonarQube, Snyk

Build a career with us as we help our customers and the community live healthier, longer, better lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.