Information & Cybersecurity, Consultant

MY-Kuala Lumpur-Menara AIA

AIA

AIA provides insurance solutions to both individuals and businesses. Find out more about our services and latest updates.


At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

Responsible for ensuring the security and integrity of AIA's information systems and cyber environment

Strategic IT Security Support

  • Consolidate Security Dashboard updates and ensure potential risk issues have a remediation plan and are addressed accordingly.
  • Monitor and report on compliance with security policies, as well as the enforcement of policies within the IT department.
  • Assist in performing ongoing security risk assessment tests and reviews targeting application/infrastructure security matters; recommend methods for vulnerability detection and remediation; and coordinate vulnerability testing activities by internal/external 3rd party security consultants.
  • Propose changes to existing policies and procedures to ensure operating efficiency and regulatory compliance.
  • Work with Security lead to develop security programs and security projects that address identified risks and business security requirements.
  • Manage and coordinate cyber security assessments with vendors, including vulnerability scanning and independent penetration tests on IT infrastructure and applications.
  • Work with Group Tech Risk and Security Operation Center to monitor and report suspicious activity.
  • Support internal/external audit on compliance assessment and regulatory audit work.
  • Manage and coordinate security incident response, handling and investigation process.
  • Train and guide security team and application team over security tools including but not limited to:
    • Data loss protection (DLP);
    • Nessus security center;
    • End-point protection;
    • Qualys Vulnerability management.

Technology Risk & Management

  • Provide security communication, awareness and training for IT staff and end-users.
  • Support the analysis of security incidents, and participate in problem and change management forums.
  • Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.
  • Serve as an active and consistent participant in the information security governance process.
  • Work with Security team and technology risk representatives from other Business Units to align metrics and reporting strategies to effectively communicate successes and progress of the security program.
  • Manage and communicate with group tech risk, business partners, IT vendors and external parties on IT awareness security matters.
  • Follow up with Global Security Incidents and assess against AIA Technology Maturity before presenting to EXCOs.
  • Develop plans to uplift the technology risk standard and resiliency across the organization.
  • Represent as Tech Risk Lead in various meetings.
  • Develop and manage security governance risk portfolio following AIA’s IT Control policies and guidelines.
  • Develop the data protection security operation model, with the alignment of the Group TR’s strategic direction.
  • Enhance the security and control of AIA in-house developed mobile and web applications.
  • Enhance the security operation processes for the management of identity’s life-cycle, privileged ID usage and monitoring of sensitive data.
  • Develop, implement and monitor a strategic, comprehensive enterprise information security program in alignment with AIA Group Corporate standards and policies to ensure the integrity, confidentiality and availability of information that is owned, controlled or processed by the organization.
  • Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee.
  • Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices (including awareness programs).
  • Create and maintain a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection (e.g. RBAC, data owner vs system owner).
  • Create, maintain, communicate and implement a risk-based security assessment process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Regular reporting on the current status of the information security program to senior business leaders and the board of directors as part of a strategic enterprise risk management program.
  • Ensure that security programs are in compliance with relevant laws, regulations and policies to minimize or eliminate risk and audit findings.
  • In collaboration with Group Technology Risk, develop and enhance the existing information security framework so that it is based on industry standards such as ISO 2700x and COBIT/RiskIT.
  • Provide strategic security guidance for IT projects, including the evaluation and recommendation of technical controls, liaising closely with other functions such as Enterprise Architecture.
  • Manage security incidents and events to protect corporate IT assets, including intellectual property, regulated data and the company's reputation.
  • Monitor the external threat environment for emerging threats, and advise relevant stakeholders on the appropriate courses of action.

Architecture / Engineering Support

  • Consult with IT, ERM and compliance to ensure that security is factored into the evaluation, selection, installation and configuration of new IT solutions.
  • Recommend and coordinate the implementation of technical controls to support and enforce defined security policies.
  • Perform on-going risk assessment and review targeting application/infrastructure security matters; coordinating vulnerability assessment activities, detection and remediation.
  • Develop a strong working relationship with the application and infrastructure teams to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements.

Operational Support

  • Ensure ongoing awareness of Group Technology Risk policies, processes and standards and external laws and regulations (e.g. BNM).
  • Manage the day-to-day activities of server management and security control documentation pertaining to applications and infrastructure.
  • Ensure audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
  • Perform pre-audit assessment on security controls.
  • Ensure security training modules and process updates are communicated to all staff.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.

Category: Consulting Jobs

Tags: Analytics COBIT Compliance Governance Incident response ISO 27000 IT infrastructure Monitoring Nessus Qualys Risk assessment Risk management Security assessment Vulnerability management

Perks/benefits: Team events

Region: Asia/Pacific
Country: Malaysia
