Technology Risk, Principal

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
- As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives._
- To get there, we need people with _tech/digital/analytics_ expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone._

If you believe in developing a better tomorrow, read on.

About the Role

An agile and proactive individual who will play a pivotal role in the development and implementation of an effective 2nd Line of Defence (2LOD) Technology Risk Team. The individual will be responsible for providing risk oversight and advice and will collaborate closely with the local Technology, Information Security and Group Technology Risk Management functions to drive a strong risk culture across Technology.

WHAT YOU’LL BE DOING

Provide exceptional support and advice to all stakeholders in:

- Technology Risk Advice and Guidance: Provide risk, control and compliance advice to stakeholders at all levels;
- Policy and Framework Implementation: Provide support in implementing the Group/ MAS technology risk framework and policy requirements;
- Risk Profiling: Facilitate the identification and assessment of risks and controls. Facilitate regular reviews and updates to established risk profiles based on trigger events;
- Controls - Assist Technology to design, assess and measure a control environment that mitigates the risks, meets regulatory obligations, and complies with internal policies;
- Incident management - Provide guidance and support in performing incident root cause analysis and identifying control breakdowns for technology related incidents;
- Key indicator and trend analysis: Implement risk & control data analytics. Define and build KRI reporting to support effective risk reporting;
- Reporting: Provide regular reporting to Board and senior management on technology risk and security matters;
- Project Risk: Provide risk advice on major Technology and Business initiatives to ensure that Group/MAS Security requirements are met, and the appropriate controls are implemented;
- Training and Awareness: Increase Technology Risk awareness and enhance risk culture across the organization via regular training sessions;
- Regulatory and Audit Engagements: Assist with IT related regulatory inspections and internal/external audits.

WHAT WE ARE LOOKING FOR

You possess a can-do attitude and exceptional communication skills for this highly visible role. You will also:

- Possess 10+ years of technology risk management experience preferably in the insurance or financial services sector with a Bachelor or Master’s degree holder in Information Technology, Risk Management or related disciplines;
- Solid understanding of current/emerging enterprise technology (eg cloud/ DevOps etc.) and security regulations, frameworks, standards and controls;
- Ideally have hands on data analytics expertise to enable deep analysis and proactive identification of emerging risk and control issues;
- Relevant certifications essential e.g. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC);
- Knowledge of relevant programming languages / tool sets such as Python, PowerBI, Office 365 etc and experience in first line technical roles such as developer, programmer, architect, software engineering, data analysts will be an advantage.

LI-SC1
- Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives._