At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone. As pioneering innovators for over 100 years, we're now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on. About the Role This position supports the Director of Information Security in advancing the organization's information and cyber security maturity across internal operations and affiliated entities. The role is primarily responsible for leading and overseeing the implementation of robust security controls and governance practices, ensuring alignment with AIA's IT policies, standards, and guidelines. It plays a critical role in safeguarding the confidentiality, integrity, and availability of systems and data, while driving continuous improvement in security operations, risk management, and compliance.
Roles and Responsibilities: This position is responsible for driving daily operations in key areas of information security, including identity and access management (IAM), vulnerability management, and security assessments, while ensuring compliance with company policies and standards, regulatory and audit requirements. Additionally, the role leads the execution of critical local and groupwide information security uplift initiatives, overseeing the deployment of solutions across IT infrastructure and applications, and validating their effectiveness through rigorous testing.
Daily Operations - Information Security Governance & Control (50%) - Develop and maintain the information security governance framework and risk portfolio in alignment with AIA's IT policies, standards, and guidelines.
- Oversee regular security assessments, including identity and access management (IAM) reviews, vulnerability management, remediation activities, and independent testing of IT infrastructure and applications to ensure compliance with security standards.
- Establish and manage processes to proactively identify technology risks and potential security breaches, ensuring continuous protection of organizational systems and data.
- Supervise IAM operations, including access provisioning, role-based access control, and periodic access certifications, ensuring adherence to compliance and audit requirements.
Information Security Uplift Project Execution (40%) - Lead the execution of key local information security initiatives, such as IAM enhancements and vulnerability remediation efforts.
- Drive the deployment of groupwide strategic information security solutions across local IT infrastructure and systems.
- Enhance security assessment practices for applications and infrastructure, providing actionable recommendations to strengthen the organization's security posture.
Strategic and Cross-Functional Engagement (10%) - Lead ad-hoc cross-functional teams on special projects and strategic initiatives related to information security.
- Develop and implement plans to uplift information security controls across the organization.
- Serve as a key liaison with group offices, business partners, corporate clients, IT vendors, and external parties on IT security matters as needed.
Minimum Job Requirements: - Bachelor's degree in Computer Science, Information Systems, Risk Management, or a related discipline.
- Minimum of 10 years of solid and relevant experience in risk management and control, preferably in information security and technology risk, gained from international financial institutions or financial regulators.
- Possession of relevant professional certifications such as CISA, CISM, CISSP, or equivalent is preferred.
- Strong knowledge of regulatory control requirements in Hong Kong, including those from the Insurance Authority, Mandatory Provident Fund Schemes Authority, and other relevant bodies.
- In-depth understanding of identity and access management (IAM), vulnerability management, and security governance frameworks.
- Well-versed in the Software Development Life Cycle (SDLC), with strong hands-on testing skills to validate solutions and ensure quality delivery.
- Excellent written and verbal communication skills, with proven experience in effectively facilitating cross-functional collaboration.
- Confident, trustworthy, and capable of earning the respect and trust of others. Demonstrates independence, initiative, and strong analytical thinking in problem-solving.
Others:
- Required to obtain relevant license(s) if the role involves regulated activities.
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.