Associate Director – Head of Information Security & Governance

Posted:
7/24/2024, 5:00:00 PM

Location(s):
Singapore, Singapore

Experience Level(s):
Senior

Field(s):
IT & Security

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

This position is a Material Risk Personnel role responsible for the overall Information Security and Technology Governance of AIA Singapore. The role identifies and evaluates potential information security risks and ensures their corresponding risk exposures are appropriately addressed such that the company’s image and value are protected.

Leads the information security team and advises senior management on information security trends to drive the cyber security roadmap, enhance our cyber security readiness for the current cyber landscape, and uplift capabilities to tackle future emerging cyber risks.

Information Security and Governance Management

Advances the overall Information Security and Technology Risk posture of the company, embedding risk culture and programs to secure the IT environment through policy governance, innovative security solutions, processes, controls and initiatives, training and awareness programmes, and risk reviews.

Information Security Governance

Establishes cyber risk strategy, administers technology policies and processes, delivers awareness programs and provides risk advisory.

Technology Risk Assurance & Compliance

Manages the IT Compliance and Risk Assurance function to embed and ensure department compliance with various regulations, policies, procedures and standards through risk-control assessments, deviation handling and proper closure of all outstanding issues.

Application Security

Identifies and evaluates application security risks and ensures that applications are designed and developed securely, meeting all Enterprise application security standards and regulatory requirements, and that identified information security risks are appropriately addressed before system go-live.

Information Security Operations

Manage the outsourced operational IT security to ensure high levels of integrity, confidentiality, and availability of IT resources, thus being timely and effective in meeting business and regulatory needs.

Put in place the structure to manage cyber security operations and respond effectively to cyber security incidents in a timely manner.

Software Quality Assurance

Ensure compliance with the quality processes (QP) in the systems supporting AIA Singapore through appropriate guidance, controls, and reviews in the SDLC framework.

Budgetary or Financial Control

Responsible for the budget of the Information Security and Governance unit.

Other Responsibilities

  • Downward trend in internal audit overall assessments – reduction in Needs Major Improvements.

  • Downward trend in PwC ICFR audit assessments

  • Downward trend in security incidents and fewer DP incidents

  • Uplift Cyber Security process, controls, and maturity level

  • Support for the Cyber Security score in the annual MAS CRAFT report

  • Performs other responsibilities and duties periodically assigned by CTO to meet operational and/or other requirements.

Requirements:

  • Bachelor's degree in computer science, information technology, or a related field. Master's degree or relevant certifications (e.g., CISSP, CISM, CISA) preferred.

  • Minimum of 15 years of experience in information security, with a focus on managing audit issues with regulators in the insurance industry.

  • In-depth knowledge of regulatory requirements and industry standards applicable to the insurance sector, such as MAS TRM, ISO 27001 and PCI-DSS.

  • Demonstrated experience in developing and implementing information security strategies, policies, and procedures in a regulated environment.

  • Strong understanding of risk management principles and methodologies, with the ability to assess and prioritize security risks based on regulatory requirements and business impact.

  • Proven track record of managing audit engagements and addressing audit findings in a timely and effective manner.

  • Excellent communication and interpersonal skills, with the ability to interact with regulators, auditors, and internal stakeholders at all levels of the organization.

  • Strong leadership and team-building skills, with the ability to motivate and empower team members to achieve common goals.

  • Ability to work effectively in a fast-paced environment and manage multiple priorities while maintaining attention to detail and quality.

  • Knowledge of emerging technologies and trends in information security, such as cloud security, digital transformation, and cybersecurity automation.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.