Bring your career aspirations to life with AIA!
Develop and implement governance and communications programmes on information security and technology risk management and support related regulatory and IT-audit activities
Roles and Responsibilities :
This position plays a significant role in supporting management and Head of Information Security and Technology Risk ( IS&TR ) of AIA Hong Kong and Macau to promote and enhance the maturity of IT / cyber security of the organisation, as well as related entities (such as AIA Investment Management).
This is to be done through a robust governance, technology risk management and compliance programmes, coupled with well-planned communications and awareness-raising programmes tailored for different internal and external stakeholders.
Therefore, while the individual taking up this role may not need to be an IT technical expert, he or she must be a quick learner who can grasp a wide range of IT / cyber security topics.
The individual must also be a great communicator who can convey messages in English and Chinese involving highly technical IT / cyber risk concepts to all levels of staff (for instance, for awareness-raising campaigns) and to strategic stakeholders (such as regulators, auditors and corporate clients) in an efficient and professional manner.
Daily operation) Technology Compliance & Control
Develop and manage technical risk governance framework & risk portfolio, which follows the AIA’s IT control standards and guidelines.
Communications and engagement with regulators, auditors
Lead and coordinate internal efforts to support compliance assessment and
security audits conducted by regulators and internal / external auditors;
Coordinate inputs and craft accurate and effective responses to enquiries on IS&TR matters coming from regulators and auditors
Awareness-raising campaigns for staff
Organise regular and frequent activities and develop localised materials to raise the awareness of staff at all levels on various cybersecurity controls and practices, and other topical issues
Maintain and curate the internal IS&TR Information Hub in company intranet
Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to IS&TR
Manage and communicate with group offices, business partners, corporate clients, IT vendors and external parties on IT security matters, as and when needed
Minimum Job Requirements :
Degree holder in Computer Science, Information Systems, Business, Finance, Risk Management, or a related discipline.
Minimum of 10 years of relevant and solid experience in risk management and control (preferably in the area of information security and technology risk), gained from international financial institutions or financial regulators.
Holder of relevant audit professional qualification and / or IT security certificates preferred (such as CISA, CISM, CISSP etc.).
Solid experience in handling audit-related assignments and cybersecurity assessments against information security frameworks or standards, such as HKMA’s CRAF, ISO 27001, NIST Cyber, etc.
Familiar with relevant control requirements from different regulatory bodies of Hong Kong, such as Insurance Authority, Mandatory Provident Funds Schemes Authority, etc.
Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams.
Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically in a problem-solving environment.
You are required to obtain relevant licence if your job involves in regulated activities.
Candidates with more relevant experience will be considered as Associate Director, Information Security.
Build a career with us as we help our customers and the community live healthier, longer, better lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application.
You are responsible for ensuring that the information you submit is accurate and up-to-date.