Bring your career aspirations to life with AIA!

To support ISMS and Controls Management team in delivering it’s deliverables and commitments.

This Specialist role will be supporting a Senior Manager or Manager of the Information Security Governance team in delivering one or more of the below Information Security Governance’s core services to AIA Group and local BUs:

ISMS Governance

• Responsible for consolidating overall updates, progress and follow up action items including internal and external audit findings, risk treatment plan, performance measurement metrics, corrective action and preventive action plans for management reporting purposes
• To assist in planning ISMS management review meetings.
• Coordinate internal and external ISMS audits.
• Maintain ISMS mandatory documents and records including coordination of review and updates.
• To keep abreast of industry best-practices, regulatory requirements and changes with regards to Data Protection

Controls Testing

• To assist in preparation of controls testing plan and carry out key control testing based on the control testing framework.
• Work with various stakeholders to identify key controls operated locally and group wide.
• Prepare control testing reports for management review and reporting.
• Follow up on outcome of control testing with control owners.

External Query Management

• To assist business stakeholders and technology risk leads in responding to security assessments and external queries (client & partners)
• Liaison between IT and business team for consolidation of evidence and controls as required by security assessments
• Responsible for consolidating overall updates, progress and action items for management reporting

Other responsibilities

• Performs other responsibilities and duties periodically assigned by immediate Superior in order to meet business requirements

Job requirements :

• Degree in Computer Science or related discipline
• 2 - 6 years’ experience in Information Security /Technology Risk
• Excellent written and verbal communication skills and ability to escalate timely to management.
• Knowledge in Technology Risk Standards and Industry Standards frameworks such as ISO 27001 and NIST.
• Knowledge in regulatory requirements as related to Information Security and Technology Risk.
• Familiar with information security controls, risk management and technical knowledge in areas such as, Infrastructure security, Application Security, Cyber Security, Identity and Access Management
• Certified Information Systems Security Professional (CISSP), Certified Information Security Management (CISM) preferable.

Build a career with us as we help our customers and the community live healthier, longer, better lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.