Security Governance, Consultant

Salary undisclosed

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

About The Role

This position is responsible for overseeing the security governance domain, providing consultation, professional advice on information security and key technology risk matters relating to the mentioned geographical responsibilities, thereby adding value to building a strong information security risk culture centered on people, processes and technology. The role will require good understanding of security governance in the financial industry, technology risk management methodology and the ability to work cohesively with internal and external stakeholders to maintain the highest standard of security.

Information Security & Technology Risk Metrics Orchestration


  • Establish and lead the alignment of the Technology Key Risk Indicators (KRIs) for management reporting and escalation, including the reporting/escalation of outstanding or overdue action required
  • Review and assess collated metrics and material for consistency checks and trends
  • Oversee the Technology risk committee involving key technology management stakeholders as well as second line of defense
  • Ensure proper documented post-meeting minutes and systematic follow-up for the committee and any related follow up discussions

The first line of defense (1LOD) - Technology Risk Management


  • Close supervision on the monitoring and tracking of the end-to-end status of all the IT risk exceptions recorded in eGRC
  • Collaborate with inter- and cross-functional teams to assess the risk impact of new initiatives and changes on the division risk profile
  • Oversee the risk exceptions derived from Technology related audit engagement and ensure all issues are remediated

Third-Party Security Risk Management


  • Manage the process of assessing and evaluating the security postures of third-party vendors and partners. This includes monitoring third-party security assessment (TPSA) renewals, assigning the renewal reviews within the team and working closely with outsourced assessors on the status of TPSAs
  • Perform due diligence and risk assessments on third-party vendors, and ensure their compliance with regulatory requirements as well as Group and Local policy and standards

Governance Framework, Policy and Standards


  • Oversee the adherence of all security governance activities to regulatory requirements, compliance standards and Group policies
  • Close collaboration with the security champions and communicate material changes to internal policies/standards to stakeholders
  • Facilitate risk evaluations and exception handling for deviations from the policies, standards and regulatory requirements

Specialized Areas Governance


  • The role may be called upon to lead or be involved in ensuring governance of specialized areas under information security, such as the governance of operations in the areas of IAM, cloud security, application security, etc.
  • Work closely with stakeholders including Technology risk management, Risk and Compliance, Legal, Business as well as other departments within Technology

The role is an important support to the AD of Security Governance and is expected to act as a mentor to the junior members of staff within the department.

What You Should Have


  • University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Systems, Cyber Security)
  • At least 8-10 years of IT experience, audit, risk management, compliance and governance roles, with good expertise and knowledge of governance reporting of technology risk issues and cyber security
  • Rich working experience from financial industry is preferred
  • Experience and exposure in MAS TRMG and relevant notices, information security standards such as ISO27001 and NIST standard will be an advantage
  • Strong knowledge of KRIs and metrics development for security and risk management reporting
  • Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CISA, CRISC, CCSP
  • Good Communication, Coordination and Interpersonal Skills.
  • Mature-thinking, meticulous, strong problem-solving and analytical traits
  • High drive, energy and good attitude over teamwork
  • Ability to work independently, with high levels of professional integrity
  • Eagerness to learn and develop one’s knowledge in information security and risk management


Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.

ABOUT AIA

For over a century, AIA has served the ever-changing needs of our customers across Asia-Pacific. Our Purpose to help millions of people live Healthier, Longer, Better Lives is at the heart of everything we do.

As pioneering innovators, we’re now transforming AIA to be faster, simpler and more connected to create better solutions and impactful experiences for our customers and communities. AIA encourages and enables our people to act with clarity, courage and humanity in service of our Purpose.

JOIN US

At AIA, we believe in empowering every one of our people to find their 'better' - in the work they do, the career they build, the life they live and the difference they make. Whether it’s investing better wellbeing, inspiring better learning, building better relationships, or making a better impact on customers, a career at AIA will challenge you to find new ways to pursue your ‘better’.

AIA is committed to building a vibrant, diverse, and inclusive workforce for all employees to thrive in. Join us if you believe in creating a better tomorrow!
