Business Information Security Officer

**Job Description & Requirements**:
The BISO role is a senior cybersecurity leadership position intended to bridge the gap between security and business interests, be responsible for the overall Cyber Security Management of AIA Singapore to the line of business.

Serve as the Business Information Security Officer, go-between for the security team and business, to engage with line of business for AIASG and to perform vital functions in identifying, mitigating, reviewing, documenting, and reporting findings to management, and ensures the corresponding risk exposures are appropriately addressed such that the company’s image and value are protected. Enhance our cyber security readiness and uplift our capabilities to tackle the future emerging cyber risks to support the business.

**Job Description**:

- Serve as the primary security contact for the line of business in AIASG
- Develop and oversee the implementation of security policies, procedures, and controls
- Conduct risk assessments and manage security statement and review for line of business in AIASG to support business strategy
- Monitor compliance with security regulations for all systems supporting the line of business
- Strong business acumen to understand and speak the language of business. Be able to clearly articulate the value of cybersecurity investments to business leaders who may not be familiar with the technical details
- Develop and maintain local risk register, detection/response related standard operating procedures to ensure compliant to the MAS regulations
- Monitor security compliance, manage security awareness programs, train employees on security procedures and implement new security technologies
- Coordinate with the IT department on technical security issues
- Working with business units to ensure compliance with security policies and procedures
- Provide guidance and support to line of business on security-related issues
- Uplift Cyber Security process, controls and maturity level for Cyber Security
- Support for the Cyber Security score in the annual MAS CRAFT report
- Internal communication within Technology Department (30%), Enterprise Risk Management, Compliance, Internal Audit (15%), Business Departments (10%), Senior Management and Sub-Committees (10%), Group Technology and Group Information Security(20%)
- External communication with Vendors and Service Providers (15%)
- Serve as the primary security contact for the line of business in AIASG
- Develop and oversee the implementation of security policies, procedures, and controls
- Conduct risk assessments and manage security statement and review for line of business in AIASG to support business strategy
- Monitor compliance with security regulations for all systems supporting the line of business
- Strong business acumen to understand and speak the language of business. Be able to clearly articulate the value of cybersecurity investments to business leaders who may not be familiar with the technical details
- Develop and maintain local risk register, detection/response related standard operating procedures to ensure compliant to the MAS regulations
- Monitor security compliance, manage security awareness programs, train employees on security procedures and implement new security technologies
- Coordinate with the IT department on technical security issues
- Working with business units to ensure compliance with security policies and procedures
- Provide guidance and support to line of business on security-related issues
- Uplift Cyber Security process, controls and maturity level for Cyber Security
- Support for the Cyber Security score in the annual MAS CRAFT report
- Internal communication within Technology Department (30%), Enterprise Risk Management, Compliance, Internal Audit (15%), Business Departments (10%), Senior Management and Sub-Committees (10%), Group Technology and Group Information Security(20%)
- External communication with Vendors and Service Providers (15%)