Lead, Technology Risk, Enterprise Risk Management

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
- As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives._
- To get there, we need people with_
- tech/digital/analytics_
- expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone._

If you believe in developing a better tomorrow, read on.

WE ARE LOOKING FOR.....

This position will be pivotal in supporting the development and implementation of an effective 2nd Line of Defence (2LOD) Technology Risk Team responsible for providing risk oversight and advice. The position will work with the local Technology, Information Security and Group Technology Risk Management functions to drive a strong risk culture across Technology.

This role will be responsible for supporting the Head of Technology Risk (2LOD) to:

- Technology Risk Advice and Guidance: Provide risk, control and compliance advice to Technology and Business stakeholders at all levels of the organisation. Proactively identify and effectively communicate emerging technology risks to stakeholders.
- Policy and Framework Implementation: Provide support in implementing the Group/MAS technology risk framework and policy requirements by providing guidance on the most effective approach to operationalising requirements.
- Risk Profiling: Facilitate the identification and assessment of risks and controls against Technology Objectives. Facilitate regular reviews and updates to established risk profiles based on trigger activities, external considerations and timelines as defined by policy requirements.
- Controls - Assist Technology to design, assess and measure a control environment that mitigates the risks, meets regulatory obligations, and complies with the requirements of internal policies.
- Incident management - Provide guidance and support in performing incident root cause analysis and identifying control breakdowns for technology related incidents. Work with Technology and Business stakeholders to determine remedial actions.
- Key indicator and trend analysis: Implement risk & control data analytics. Define and build KRI reporting (leverage existing metrics and risk dashboards were possible) to support effective risk reporting.
- Reporting: Provide regular reporting to Board and senior management on technology risk and security matters, including developments in the organization’s technology security risk profile.
- Project Risk: Provide security and control advice on major Technology and Business initiatives to ensure that Group/MAS Security standards and requirements are met, and the appropriate controls are implemented.
- Training and Awareness: Increase Technology Risk awareness and enhance risk culture across the organization via regular training sessions
- Regulatory and Audit Engagements: Assist with IT related regulatory inspections, queries and internal/external audits.

**Requirements**:

- 5+ years of technology risk management experience preferably in the insurance or financial services sector.
- Solid understanding of current/emerging technology and security regulations, frameworks, standards and controls.
- Excellent understanding of enterprise technologies (Cloud, DevOps etc.).
- Ideally hands on data analytics expertise to enable deep analysis and proactive identification of emerging risk and control issues.
- Knowledge of relevant programming languages / tool sets such as Python, PowerBI, PowerApps, Office 365 etc will be an advantage.
- Experience in first line technical roles such as developer, programmer, architect, software engineering, data analysts will be an advantage.
- Strong interpersonal, communication, influencing, management and presentation skills.
- Strong problem solving skills.
- Bachelor or Master’s degree holder in Information Technology, Risk Management or related disciplines.
- Relevant certifications essential e.g. Certified in the Governance of Enterprise IT (CGEIT), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC).
- Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives._