Associate Director, Information Security Operations

2 weeks ago


Singapore AIA Singapore Private Limited Full time
About the Role

We are seeking an experienced senior manager to lead our information security team, combining strong hands-on technical expertise as well as people management experience in the information security domain. They will lead a team to design and/or review application security including but not limited to penetration test, source code review, Cloud Security and various inter-connected application and infrastructures, especially in the area of authentication, authorization, information protection, and cryptographic controls for both on-premise and cloud environment.

Key Responsibilities
  • Manage the AIA-SG Vulnerability Assessment and Penetration Testing team responsible for delivering the following services to AIA-SG, including Security Architecture:
    • Design and/or review application security architecture proposal for various security-driven initiatives or business-driven initiatives for on-premise and cloud environment.
    • Manage external third-party for application penetration testing engagements.
  • Manage end-to-end infrastructure security activities, such as vulnerability management, servers' security monitoring & hardening, infrastructure as a code, etc.
  • Design and/or review infrastructure security architecture proposal for various security-driven initiatives for on-premise and cloud environment.
  • Manage compliancy level of AIA SG cloud security assets based on ongoing regular scanning according to the defined threshold.
  • Evaluate the security aspect of new cloud-based solutions proposed by application development team, infrastructure team, or business users.
  • Manage various cloud security BAU activities, such as assets provisioning, deprovisioning, hardening, etc.
  • Manage end-to-end application security activities, including application penetration testing, authentication / authorization design / review, and DevSecOps design & roll out.
  • Manage Third Party relationships with industry vendors who undertake security assessment services.
  • Oversight of annual Pen testing schedule.
  • Lead a team to design and/or review application security architecture proposal for various security-driven initiatives or business-driven initiatives for on-premise and cloud environment.
  • Design and/or review authentication and authorization flow of the applications, whether it is aligned with security best practices and organization's IT security technology policy & procedure in terms of the strength of access controls, session management, cache management, cookie management, token management, cryptographic algorithm, and information/data protection.
  • Assess the security aspect of new proposed application tools / platforms from application team, and relevance/consequences to existing security architecture.
  • Work closely with application development and infrastructure team to proactively stay on top of latest secure application design to deliver thorough security recommendation aligned with organization's IT security technology policy & procedure.
  • Supervise the AIA-SG IAM Manager and their team performing IAM Governance functions for the Business Unit.
  • Work with Security Operation Centre (SOC) Team to ensure secure protection of AIA SG environment.
  • Deploy new cyber security initiatives and roll out the platform together with SOC Team.
  • Point of contact for security incident handling and investigation, starting from incident is identified, handled, and resolved.
  • Provide feasible security recommendations or guidance based on queries / changes initiated by application development team, infrastructure team, or business users.
  • Facilitate challenging security conversations and provide acceptable solutions where IT standards are contradicting with business demands to achieve acceptable business solutions without sacrificing security and compliance aspects.
  • Lead promotion of activities to increase information security within your teams to embed and continuously improve adherence to good practice.
  • Drive a continues Learning and Development program for staff training. (with inhouse and external training programs).
Requirements
  • University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).
  • Minimum 15 years of experiences of information security domain, especially in Application Security, Infrastructure Security and Cloud Security.
  • Preferable to have application development or infrastructure operation background with hands-on experiences of designing and/or reviewing application security or infrastructure security.
  • Hands-on information security experience in the Multiple Cloud Environment (SaaS, PaaS and IaaS) and Cyber Incident management.
  • Certifications related to security architecture or Cloud Security is preferable, such as CCSP, Azure DevOps certification, Azure Solutions Architect certification, etc.
  • Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CISA, CRISC, CCSP.
  • Good knowledge of latest security technologies and cyber landscape in a highly regulated industry.
  • Good interpersonal and communication skill.
  • Strong leadership with a high integrity, proactive mindset, and strong ownership.
  • Working experiences in insurance / banking / IT industry is preferred.
  • Leading DevSecOps tool experience such as Snyk, Veracode, SonarQube
  • Infrastructure Security: Windows, Linux, AS400.
  • Application framework and Security: NodeJS, ReactJS, .NET
  • Security Advisory and Assessment.
  • Security Incident Management.
  • CI/CD pipelines: Azure DevOps, Bamboo, Jenkins, GitHub, Bitbucket.
About AIA Singapore

AIA Singapore Private Limited is a leading life insurance company in Singapore, providing a wide range of insurance and investment products to individuals and businesses. We are committed to helping our customers and the community live Healthier, Longer, Better Lives.



  • Singapore AIA Singapore Private Limited Full time

    At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone. As pioneering innovators for over 100 years, we're now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier,...


  • Singapore MSD INTERNATIONAL GMBH (SINGAPORE BRANCH) Full time

    Roles & ResponsibilitiesAssociate Director, Regional Security Based in Singapore, the regional hub for Asia Pacific (AP) and top-ranked biopharmaceutical company on the Straits Times and Statista’s list of Best Employers in Singapore for two consecutive years (2020, 2021). Join the premier biopharmaceutical company that has been in...


  • Singapore INSHA TECH SOLUTIONS PTE. LTD. Full time

    Roles & ResponsibilitiesRoles & ResponsibilitiesJob Summary:As the Information Technical Director of INSHA TECH SOLUTIONS PTE LTD , you will be responsible for providing strategic leadership, driving business growth, and ensuring the overall success of the organization. You will work closely with the board of directors and I T Development, Artificial...


  • Singapore MSD INTERNATIONAL GMBH (SINGAPORE BRANCH) Full time

    Roles & Responsibilities Based in Singapore, the regional hub for Asia Pacific (AP) and top-ranked biopharmaceutical company on the Straits Times and Statista’s list of Best Employers in Singapore for two consecutive years (2020, 2021). Join the premier biopharmaceutical company that has been in Singapore for more than 25 years and in AP for over 60...


  • Singapore RANGER INVESTIGATION & SECURITY SERVICES PTE. LTD. Full time

    Roles & ResponsibilitiesJob Responsibilities: Plan and monitor the day-to-day manpower schedule and the operations of the respective sites Conduct OJT training for new hires and conduct refresher on SOP Handle workplace investigation, grievance, and discipline Plan and schedule training for security personnel in alignment with PWM requirement Prepare...


  • Singapore CHARIOTS CAPITAL PTE. LTD. Full time

    Roles & ResponsibilitiesJob Title: Information Technology DirectorLocation: Jurong East, SingaporeWe are seeking a visionary and experienced IT Director to provide strategic Information Technology (IT) leadership, identifying and addressing all IT needs of the company. The IT Director has to establish all IT requirements for company and in implementing IT...


  • Singapore DBS Bank Limited Full time

    Job Title: Senior Associate, Security Data Analyst, Information Security ServicesDBS Bank Limited is seeking a highly skilled and motivated Senior Associate, Security Data Analyst, to join our Information Security Services team. The successful candidate will be responsible for developing and implementing advanced analytical and machine learning models to...


  • Singapore DBS Bank Limited Full time

    Job Title: Senior Associate, Security Data Analyst, Information Security Services, TechnologyDBS Bank Limited is seeking a highly skilled and experienced Senior Associate, Security Data Analyst, to join our Information Security Services team in Technology. As a key member of our team, you will be responsible for developing and implementing advanced...


  • Singapore DBS Bank Limited Full time

    Job Title: Senior Associate, Security Data Analyst, Information Security Services, TechnologyDBS Bank Limited is seeking a highly skilled and motivated Senior Associate, Security Data Analyst, to join our Information Security Services team in Technology. As a key member of our team, you will be responsible for developing and implementing advanced analytical...


  • Singapore TD Bank Group Full time

    Job Title: Information Security AnalystWe are seeking a highly skilled Information Security Analyst to join our team at TD Bank Group. As an Information Security Analyst, you will play a critical role in ensuring the security and integrity of our systems and data.Job Summary:The Information Security Analyst will be responsible for:Conducting real-time...


  • Singapore TITANIUM SAFETY & SECURITY PTE. LTD. Full time

    Roles & ResponsibilitiesJob Description & Requirements Handles and coordinates the administrative aspect for the both traffic and security management department. This includes, but not limited to, collection of deliver orders and ensuring the officers’ notification are up to date. Conducts regular site supervisory checks. Assist the Deployment &...


  • Singapore Mizuho Bank Full time

    Job Title: Cyber Security DirectorCompany Overview:Mizuho Bank, a subsidiary of Mizuho FG, Inc., is a leading financial services company with a global presence. With offices in major cities worldwide, we provide financial and strategic solutions to our diverse and sophisticated clients.Job Summary:We are seeking a highly experienced Cyber Security Director...


  • Singapore TD Bank Group Full time

    Job Title: Information Security AnalystTD Bank Group is seeking a highly skilled Information Security Analyst to join our team. As an Information Security Analyst, you will be responsible for identifying and mitigating potential security threats to our systems and data.Key Responsibilities:Conduct real-time analysis of identified cyber incidents impacting...


  • Singapore Meta Full time

    We are seeking a talented, dedicated, and highly motivated attorney to lead Meta’s APAC Security Legal team as Director & Associate General Counsel. This is a unique opportunity to have regional and global impact while working on cutting edge and novel issues in an exciting, fast-paced environment across a range of complex regulatory, safety, security,...


  • Singapore TD Bank Group Full time

    Job Title: Information Security AnalystTD Bank Group is seeking a highly skilled Information Security Analyst to join our team. As an Information Security Analyst, you will be responsible for identifying and mitigating potential security threats to our systems and data.Key Responsibilities:Conduct real-time analysis of identified cyber incidents impacting...


  • Singapore Henderson Security Services Pte Ltd Full time

    Job Description for Security Operations ManagerHenderson Security Services Pte Ltd seeks a Security Operations Manager to lead our security team. Key responsibilities include:Managing the security operations centre with a team of more than 3 personnelConducting security audits and risk assessments to ensure the highest level of securityProviding general...

  • Security Supervisor

    6 months ago


    Singapore FORCE-ONE SECURITY PTE. LTD. Full time

    Roles & Responsibilities In charge of security or fire command centre with a security team Incident management and reporting Direct supervision Execute evacuation plans and exercises Assist in maintaining the deployment roster of the site PC literate and can able to put up incident report via smartphone Any other associated tasks and responsibilities...


  • Singapore DRAGNET SMARTECH SECURITY PTE. LTD. Full time

    Job Summary:Dragnet Smartech Security Pte. Ltd. is seeking a skilled Security Controller to join our team at the 24/7 Command Centre. As a Security Controller, you will be responsible for managing security projects, activating emergency response personnel, and utilising HRMS to monitor onsite operations. You will also be required to monitor cloud-based...


  • Singapore ANZ Full time

    About UsAt ANZ, we're harnessing the power of technology and data to drive financial wellbeing and sustainability for our customers.About the RoleAs a Technology and Information Security Governance Lead, you'll play a critical role in driving technology operational risk excellence using the ANZ Risk Management Framework. You'll work closely with Country...


  • Singapore KDDI ASIA PACIFIC PTE. LTD. Full time

    Job SummaryWe are seeking a seasoned Information Security Manager to join our KDDI ASIA PACIFIC PTE. LTD. team. As a key member of our organization, you will be responsible for protecting our information assets and ensuring the security of our information systems. The ideal candidate will have a strong background in information security, with a minimum of 5...