Working in conjunction with other professional colleagues and specialists, the Technology Risk Manager acts as an expert advisor to management on risks involving or affecting technology, and ensures that technology risks are appropriately measured and prioritized.
He / She is expected to contribute to the development and implementation of technology risk management governance programmes and to the implementation of security solutions and initiatives.
Technical Risk Governance
Develop and manage the security governance framework and risk portfolio, following AIA’s IT control policies and guidelines
Define and establish operational processes for managing the identity life cycle, user access and privileged ID usage, using state-of-the-art vendor solutions
Subject matter expert on technical solutions for IT security
Provide information security consulting and advisory services to IT departments and business units
Research and evaluate the latest security landscape and emerging security technologies, including enterprise mobility and cloud computing
Review IT initiatives from a technology risk perspective, and establish and implement remediating security controls
IT Security Operation and Control
Provide governance and support over security tools including but not limited to identity and access management (I&AM), data loss protection (DLP), network security, endpoint protection and vulnerability management
Manage and coordinate cyber security assessments, including vulnerability scanning and independent penetration tests on IT infrastructure and applications
Work with IT operations to monitor and report suspicious activity
Support internal / external audit on compliance assessment and regulatory audit work
Manage and coordinate security incident response, handling and investigation process
Communication and Training & Awareness
Manage and communicate with regional offices, vendors and external parties on security matters
Promote cybersecurity and data protection awareness across the corporation
Degree holder in Computer Science or Information Systems, or related discipline
At least 10 years of relevant experience in IT security or technology risk management, gained from other sizable multinational banks and insurance companies
Solid understanding of IT security products and solutions. Knowledge of SailPoint IIQ and CyberArk is definitely an advantage
Familiar with security controls and technical knowledge in areas such as: Identification and Authentication, Access Control, Cyber Defence, Infrastructure Security, Application Security, Cryptography and Data Loss Prevention, Compliance & Vulnerability Assessment, Incident Response & Forensics
Preferable to have at least one IT security certification: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC)
Experience and practical knowledge in implementing information security frameworks or standards, such as ISO, SOC, COBIT, ITIL, is an advantage
Knowledge of PCI-DSS and experience in handling IT audits will be an advantage
Analytical and objective; able to elaborate on, characterize, assess and evaluate risks
Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent, with strong self-initiative
We offer an attractive remuneration package to the successful candidate. Please submit your application by clicking Apply Now for our processing.
All personal information provided by applicants will be treated in strict confidence and used solely for recruitment purposes.
The personal information will be used strictly in accordance with AIA’s personal data policies, a copy of which will be provided upon request.
It is possible that information about the applicant or the applicant’s application will be shared with AIA and its related companies.
AIA will retain all applications for a period of up to 24 months after which the documents will be destroyed.