Senior Manager, Security Capabilities

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
- As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives._
- To get there, we need people with _
- tech/digital/analytics_
- expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone._

If you believe in developing a better tomorrow, read on.

About the Role

Strategize and steer AIA Singapore’s Information and Cyber Security Awareness Programme, to meet the objectives of the MAS TRM Guidelines and MAS Cyber Hygiene Notice.

Responsible for establishing metrics to measure the cyber hygiene awareness levels of our people, including Board, Senior Management, staff, distribution force and third-party service providers.

Explore innovative learning solutions to inculcate a more people-centric, people-led security awareness culture.

Continuously uphold and uplift the branding of ISG and confidence in our security capabilities through robust communication, security capabilities advisory and partnership with various business functions.

Research and facilitate creative automation of ISG processes to upscale the team’s productivity and enable resource channeling to higher value initiatives.
- WHAT YOU’LL BE DOING:_- This role includes responsibilities of managing 2 team members and overseeing operations, subsidiaries, assigned POA over specific matters and/or other appointments such as Data Protection Officer.- Maintain an oversight of the information security capabilities of all groups of target stakeholders in the four entities in scope (i.e. Board members, EXCO/Senior Management, staff, agents, Tech staff, contract personnel, agents and third party service providers).- Establish security capabilities and awareness requirements through detailed gap analysis from various channels, such as interviews, past phishing exercise results and e-learning coverage.- Lead the planning and execution of cyber security training initiatives for the Board of Directors and Senior Management.- Work with the other ISG functions to create topical security awareness modules and training, such as for TPSA, Incident Management, Risk Registry, etc.- Oversee the delivery of security awareness for third party service providers with critical and high risk to AIA Singapore.- Lead impactful security campaigns to foster a high level of partnership and cyber hygiene knowledge of stakeholders such as staff and agents.- Establish qualitative or quantitative metrics to measure the cyber hygiene awareness levels (e.g phish-prone levels) of staff and business functions.- Perform regular analysis on such metrics to identify common security capabilities gaps and determine effective risk treatment solutions needed to bring down the People risk.-
- Explore in-house development or existing solutions with security competency vendors to gamify the security learning experience for all stakeholders to achieve a people-centric, people led security awareness programme.- Work with respective process owners to innovate existing BAU operations such as follow up reporting and escalations through automated controls.- Manage partnership with various business functions and Risk teams to foster harmonious relationships, which would be vital in breeding a highly positive risk and security awareness culture across the four entities.- Level and type of budgetary or financial control of the position.- Responsible for budget of Information Security and Governance unit.- Other quantitative / qualitative measures, e.g. time, quality, feedback, etc., that are tied to the objective of the area of responsibilities:
- Downward trend in cyber security incidents and data privacy related incidents arising from improved security capabilities amongst stakeholders.- High take up rate and good response from stakeholders for post-transformed security awareness programme, in terms of security awareness solutions delivered.-
- Improved productivity from ISG BAU services through completion of process automation initiatives.
- WE ARE LOOKING FOR SOMEONE WITH | YOU WILL HAVE:_- Bachelor’s degree of Computer Science, Computer Engineering, or other related degrees.- Information Systems Security professional certifications, such as CISSP, CISA, CRISC, CISM.- Minimum 8 years of experience with at least 5 years’ of experience driving security awareness programmes for companies or in major tech firms or regulated organization (e.g. Government, FIs).- Good conceptual knowledge of cybersecurity threats and processes.- Highly driven professional passionate in the world of cyber security and keenness to share knowledge to the wider a