Bring your career aspirations to life with AIA!

This position is responsible for providing consultation, professional advice, awareness/training on information security and key technology risk matters relating to the abovementioned geographical responsibilities, thereby adding value to building a strong information security risk culture centred on people, processes and technology. The role will also coordinate regular governance engagements and being involved in technology-related regulatory and audit engagements for AIA Singapore, and exercise professional judgment and assessments on the material to be provided by the various process and control owners for the audits.

Risk Assessments, Audit and Regulatory Management

• Lead Technology related audit engagements with statutory auditor and regulator, following up with relevant parties to ensure all issues identified are remediated
• Annual IT risk and control self-assessment exercises according to MAS regulatory notices/guidelines, internal enterprise IT policies, and standards

Information Security & Technology Risk Metrics

• Support the alignment of various information security and technology risk metrics for management reporting and escalation – this includes reporting/escalation of outstanding or overdue action required from penetration tests, vulnerability assessments, security incidents, policy/standards deviations, third party security assessments, etc.
• Review and assess collated metrics and material for consistency checks and trends

Technology Data Privacy and Risk Champion

• Support the inculcation of a good security and data privacy/protection culture for staff within the Technology function, including incident management and communicating necessary advisories or awareness material to this goal

Policy, Standards and Exception Management

• Communicate material changes to internal policies/standards to stakeholders Facilitate risk evaluations and exception handling to deviations from the policies, standards and regulatory requirements

Specialized Areas Governance

• The role may be called upon to lead or be involved in ensuring governance of specialized areas under information security, such as the governance of operations in the areas of IAM, cloud security, application security, etc.
• Assist in enterprise-wide risk and compliance coordination for Technology division, where applicable

Requirements

Education

• University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems)

Experience

• At least 12 years of IT experience, audit, risk management, compliance and governance roles, with particular expertise and knowledge of governance reporting of technology risk issues and cybersecurity
• Rich working experience from financial industry, big tech firms or established auditing firms will be considered favorably
• Experience and exposure in information security standards such as ISO27001 and PCIDSS will be an advantage

Certifications/licenses

• Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CISA, CRISC, CCSP

Although this is an individual contributor role, the candidate should also expect to perform the role of a specialist mentor to the junior members of the staff within the department.

Build a career with us as we help our customers and the community live healthier, longer, better lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.