Bring your career aspirations to life with AIA!

Working in conjunction with other professional colleagues and specialists, the Expert is responsible to the development and implementation of technology risk management governance programmes with the alignment of the Group Information Security’s strategic direction.

He/she is also responsible for technology disaster recovery planning and the coordination of periodic drill exercises.

Roles and Responsibilities:

This position plays an important role in supporting management and Head of Information Security (“IS”) of AIA Hong Kong and Macau to promote and enhance the maturity of IT/cyber security of the organisation.  This is to be done through the development of robust governance and information security management programmes, coupled with well-planned implementation and comprehensive reporting to ensure effective execution of security strategies.

(Daily Operation) Information Security Governance & Control

• Develop and manage the information security governance framework and risk portfolio, which follows the AIA’s IT policies, standards and guidelines;
• Manage regular cyber security assessments including vulnerability scanning, independent testing and validation of IT infrastructure and applications to ensure that security standards are met and plans are achieved;
• Drive the deployment of strategic information security solutions to IT infrastructure and systems.

Business Continuity and Technology Disaster Recovery Planning

• Conduct business impact analysis and continuity risk assessments of critical assets;
• Oversee the design, implementation, and communication of technology disaster recovery plans and processes;
• Evaluate and recommend technology recovery strategies and options, and help implement solutions;
• Oversee the periodic drill exercises of technology disaster recovery plans to validate adequacy and readiness of plans and prepare reports for management.

Miscellaneous

• Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to IS;
• Develop plans to uplift the technology risk standard and resiliency across the organization;
• Communicate with group offices, business partners, corporate clients, IT vendors and external parties on IT security matters, as and when needed.

​

Minimum Job Requirements:

• Degree holder in Computer Science, Information Systems, Risk Management, or a related discipline;
• Minimum of 10 years of relevant and solid experience in risk management and control (preferably in the area of information security and technology risk), gained from international financial institutions or financial regulators;
• Holder of relevant audit professional qualification and/or IT security certificates preferred (such as CISA, CISM, CISSP etc.);
• Solid experience in handling audit-related assignments and cybersecurity assessments against information security frameworks or standards, such as HKMA’s CRAF, ISO 27001, NIST Cyber, etc.;
• Familiar with relevant control requirements from different regulatory bodies of Hong Kong, such as Insurance Authority, Mandatory Provident Fund Schemes Authority, etc.;
• Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams;
• Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically when solving problems;
• You are required to obtain the relevant licence(s) if your job involves regulated activities.

Build a career with us as we help our customers and the community live healthier, longer, better lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.