Senior Manager, Technology RiskSenior Manager, Technology Risk
AIA Group Limited
Hong Kong

Job Summary

Working in conjunction with other professional colleagues and specialists, the Technology Risk Manager acts as an expert advisor to management concerning technology risks involving or affecting technology, and ensure that technology risks are appropriately measured and prioritized.

He / She is expected to contribute to the development and implementation of technology risk management governance programmes and implementation of the security solutions and initiatives.

Technical Risk Governance

  • Develop and manage security governance framework and risk portfolio, which follows the AIA’s IT control policies and guidelines
  • Define and establish operation processes for the management of identity’s life-cycle; user access and privileged ID usage, with the use of the state-
  • of-the-art vendor solutions

    Subject matter expert on technical solutions for IT security

  • Provide information security consulting and advisory services to IT departments and business units
  • Research and evaluate latest security landscape and emerging security technologies including enterprise mobility and cloud computing
  • Review IT initiatives on technology risk perspective and establish and implement remediating security controls
  • IT Security Operation and Control

  • Provide governance and support over security tools including but not limited identity and access management (I&AM), data loss protection (DLP), network security, end point protection and vulnerability management
  • Manage and coordinate cyber security assessments include vulnerability scanning, independent penetration test on IT infrastructure and applications
  • Work with IT operation to monitor and report suspicious activity
  • Support internal / external audit on compliance assessment and regulatory audit work
  • Manage and coordinate security incident response, handling and investigation process
  • Communication and Training & Awareness

  • Manage and communicate with regional offices, vendors and external parties on security matters
  • Promote cybersecurity and data protection awareness across the corporation
  • Job Requirements

  • Degree holder in Computer Science or Information Systems, or related discipline
  • At least 10 years of relevant experience in IT security or technology risk management, gained from other sizable multi-
  • national banks and insurance companies

  • Solid understanding of IT security products and solutions. Knowledge of SailPoint IIQ and CyberArk is definitely an advantage
  • Familiar with security control and technical knowledge in areas such as : Identification and Authentication, Access Control, Cyber Defence, Infrastructure security, Application security, Cryptography and Data Loss Prevention, Compliance & Vulnerability Assessment, Incident Response & Forensics
  • Preferable to have at least one IT security certification Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC)
  • Experience and practical knowledge on implementing information security frameworks or standards, such as ISO, SOC, COBIT, ITIL is an advantage
  • Knowledge of PCI-DSS and experience in handling with IT Audit will be advantage
  • Analytical and objective; able to elaborate on, characterize, assess and evaluate risks
  • Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative
  • We offer an attractive remuneration package to the successful candidate. Please submit your application by clicking Apply Now for our processing.

    All personal information provided by applicant will be treated in strict confidence and used solely for recruitment purposes.

    The personal information will be used strictly in accordance with AIA’s personal data policies, a copy of which will be provided upon request.

    It is possible that information about the applicant or the applicant’s application will be shared with AIA and its related companies.

    AIA will retain all applications for a period of up to 24 months after which the documents will be destroyed.

    通過點擊“繼續”,我允許neuvo同意處理我的數據並向我發送電子郵件提醒,詳見neuvo的 隱私政策 。我可以隨時撤回我的同意或退訂。