Technology Risk Governance & Control, Principal

Posted:
10/12/2024, 9:01:24 AM

Location(s):
Federal Territory of Kuala Lumpur, Kuala Lumpur, Malaysia ⋅ Kuala Lumpur, Malaysia

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

The role will be responsible for the security architecture in a field of responsibility (i.e. IT applications, IT infrastructure, digital workplace, or cloud solutions), design and develop IT security solutions meeting business needs while mitigating cyber risks.
In close collaboration with our Enterprise Architecture, IT Risk & Security, and Group Information Security teams, you contribute to the development of the company´s IT security architecture and cyber defense capabilities.
The post holder would typically drive beneficial security change through the development and review of enterprise architectures designs to ensure they meet and support the business requirements. This entails ensuring appropriate and proportionate mitigations to risks that support safe and secure operations without hindering the needs of the business.

Job Responsibilities

  • Works with the Enterprise Architect and Group Security Enterprise Architect, takes the Business security requirements and responsible in the development of an Enterprise Security Architecture incorporating hosting, infrastructure applications and cloud-based solutions laying out a set of security design principles, and a set of security functions and mechanisms to implement the security controls needed to achieve stated security objectives.
  • Interprets relevant security policies and threat/risk profiles into secure architectural solutions that mitigate the risks and conform to regulations and relate to business needs.
  • Determines security requirements by evaluating business strategies and requirements; evaluate/develop/continuous review/improve existing information security standards/process; conducting system security and vulnerability analyses and risk assessments; structure the security requirement of all platform architecture; identifying integration issues; preparing cost estimates.
  • Applies common architectural frameworks (e.g.TOGAF, SABSA).
  • Presents security architecture solutions as a view within broader IT architecture.
  • Devises standard solutions that address requirements delivering specific security functionality whether for a business solution or for a product.
  • Maintains awareness of the security advantages and vulnerabilities of common products and technologies.
  • Designs robust and fault-tolerant security mechanisms and components appropriate to the perceived risks.
  • Develops and implements appropriate methodologies, templates, patterns and frameworks. Implements and updates secure systems, products and components using an appropriate methodology.
  • Defines and/or implements secure development standards and practices including, where relevant, formal methods.
  • Defines and/or implements appropriate secure change and fault management processes.
  • Verifies that a developed component, product or system meets its security criteria (requirements and/or policy, standards and procedures).
  • Specifies and/or implements processes that maintain the required level of security of a component, product, or system through its lifecycle.
  • Manages a system or component through a formal security assessment.
  • Performs other responsibilities and duties periodically assigned by supervisor in order to meet operational and/or other requirements.

Job Requirements

  • Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability
  • Solid understanding of security protocols, cryptography, authentication, authorisation and security
  • Good working knowledge of current IT risks and experience implementing security solutions
  • Experience implementing multi-factor authentication, single sign-on, identity management or related technologies
  • Ability to interact with a broad cross-section of personnel to explain and enforce security measures
  • Excellent written and verbal communication skills as well as business acumen and a commercial outlook

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.