At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on.Â
About the Role
Provide specialist support to drive the AIA Singapore’s Information and Cyber Security Awareness Programme, to meet the objectives of the MAS TRM Guidelines and MAS Cyber Hygiene Notice.
Support in maintaining a high level of cyber hygiene awareness levels of our people, including Board, Senior Management, staff, distribution force and third-party service providers.
Explore innovative learning solutions to inculcate a more people-centric, people-led security awareness culture.
Continuously uphold and uplift the branding of ISG and confidence in our security capabilities through robust communication, security capabilities advisory and partnership with various business functions as well as supporting leadership in exploring new means of improving productivity and streamlining of security processes.
WHAT YOU’LL BE DOING:
Assist in delivering training programmes to maintain high levels of information security capabilities of stakeholders in the four entities in scope (i.e Board members, EXCO/Senior Management, staff, agents, Tech staff, contract personnel, agents and third party service providers).
Establish security capabilities and awareness requirements through detailed gap analysis from various channels, such as interviews, past phishing exercise results and e-learning coverage.
Work with global Information Security function to manage the phishing exercises for staff and apply the rewards and consequence management based on the results of each exercise.
Drive the phishing exercises for our retail distribution force, working with Tied Distribution management to apply the rewards and consequence management based on the results of each exercise.
Support the planning and execution of cyber security training initiatives for the Board of Directors and Senior Management.
Work with the other ISG functions to create topical security awareness modules and training, such as for TPSA, Incident Management, Risk Registry, etc.
Oversee the delivery of security awareness for third party service providers with critical and high risk to AIA Singapore.
Support delivery of security campaigns to foster a high level of partnership and cyber hygiene knowledge of stakeholders such as staff and agents.
Support delivery of regular secure coding training, with gamification approaches, to elevate the attention and skillset of our IT teams/developers in the area of application security.
Explore in-house development or existing solutions with security competency vendors to gamify the security learning experience for all stakeholders to achieve a people-centric, people led security awareness programme.
Collaborate harmoniously and effectively with various internal business functions and Risk teams to evolve a highly positive risk and security awareness culture across the four entities.
Downward trend in cyber security incidents and data privacy related incidents arising from improved security capabilities amongst stakeholders
High take up rate and good response from stakeholders for post-transformed security awareness programme, in terms of security awareness solutions delivered
Increased proportion of staff and agents recorded as reporting the simulated phishing emails during the regular phishing/social engineering exercises
Improved productivity from ISG BAU services through completion of process automation initiatives
WE ARE LOOKING FOR SOMEONE WITH | YOU WILL HAVE:
Bachelor’s degree of Computer Science, Computer Engineering, or other related degrees.
Minimum 8 years of experience with at least 3 years’ of experience driving security awareness programme in major tech firms or  regulated organization (e.g. Government, FIs).
Good conceptual knowledge of cybersecurity threats and processes.
Highly driven professional passionate in the world of cyber security and keenness to share knowledge to the wider audience in this area.
Hands-on experience in security awareness tools and solutions is a requirement.
Candidates who had undergone successful attempts at transforming processes through automation techniques, such as RPA, scripting are welcome.
Good to have but not mandatory - Information Systems Security professional certifications, such as CISSP, CISA, CRISC, CISM or CC.
Excellent Communication, Coordination and Interpersonal Skills. The communication network of the incumbent is expected to be internally within Technology Department (15%) and Enterprise Risk Management, Compliance, Internal Audit (10%), Business Departments (45%), Senior Management and Sub-Committees (5%),Group Technology and Group Information Security (10%) and external with Vendors and Service Providers (15%).
A team-player taking ownership and helping colleagues.
Analytical skills
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.