At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
It’s about finding new ways to not only better people's lives, but to better the communities and environments we live in. Encompassing our ambition of helping a billion people live Healthier, Longer, Better Lives by 2030.
And to get there, we need ambitious people who believe in playing an important part in shaping that future. People seeking unmatched career and personal growth opportunities, who are driven to work with, and learn from some of the most inspiring and supportive leaders in the business.
Sound like you? Then read on.
JOB DESCRIPTION SUMMARY
This position is responsible for providing consultation and professional advice on key technology and information security risk matters relating to the abovementioned geographical responsibilities, thereby adding value to building a strong information security risk culture centred on people, processes and technology. The role will also coordinate regular governance review engagements and being involved in technology-related audit engagements for the abovementioned geographical locations. The role requires professional judgment and assessments on material to be provided by the various process and control owners for the audits.
WHAT YOU’LL BE DOING
Risk Assessments, Audit and Regulatory Management
- Facilitate and drive Technology related audit engagements with statutory auditor and regulator, following up with relevant parties to ensure all issues identified are remediated
- Facilitate and drive annual IT risk and control self-assessment exercises according to MAS regulatory notices/guidelines, internal enterprise IT policies, and standards
- Coordinate independent reviews of the entities’ compliance against various information security and technology risk regulations such as MAS TRM Guidelines, MAS 132 Notice on Cyber Hygiene and MAS 127 Notice on TRM for AIA Singapore, as well as Brunei technology risk regulations for AIA Brunei.
- Support in the divisions’ risk and controls assessment exercises, as well as quarterly internal controls for financial reporting controls assessments
- Support the assurance initiatives under the First Line of Defense to uplift the technology and cyber controls landscape for the Company
Information Security & Technology Risk Metrics
- Support the alignment of various information security and technology risk metrics for management reporting and escalation – this includes reporting/escalation of outstanding or overdue action required from penetration tests, vulnerability assessments, security incidents, policy/standards deviations, third party security assessments, etc.
- Review and assess collated metrics and material for consistency checks and trends
Policy, Standards and Exception Management
- Communicate material changes to internal policies/standards to stakeholders Facilitate risk evaluations and exception handling to deviations from the policies, standards and regulatory requirements
Risk & Compliance Initiatives
- Assist in enterprise-wide risk and compliance coordination for Technology division, where applicable
WHAT WE ARE LOOKING FOR
- Bachelor’s Degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems)
- 5-10 years of relevant work experience, including at least 3 years of experience in IT audit, risk management, compliance and/or governance roles, with particular expertise and knowledge of governance reporting of technology risk issues and cybersecurity
- Work experience in financial industry, big tech firms or established auditing firms will be considered favorably
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.
