Associate Director, Application Security

At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we're now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

The incumbent will be managing team members in SG/Cyber Technology Centre (Malaysia)/Batam Technology Centre (Indonesia) and responsible for defining and overseeing the organization's application security architecture, ensuring alignment with target architectures and modern development practices.

​WHAT YOU'LL BE DOING:

1. Strategic Oversight of Security Architecture

• Define, design, and implement the target application security architecture in line with organizational goals and industry/regulatory standards.

• Establish a comprehensive application security strategy, ensuring seamless integration into enterprise architecture and technology roadmaps.

• Conduct architectural reviews to identify risks and recommend mitigation strategies, focusing on secure and scalable solutions.

2. CI/CD Pipeline Security

• Lead the integration of security controls into CI/CD pipelines, ensuring automated detection and remediation of vulnerabilities.

3. Secure Software Development Lifecycle (SDLC)

• Develop and enforce secure development guidelines, ensuring security is incorporated at every stage of the SDLC.

• Provide leadership in threat modelling, secure coding practices, and software code quality management across development teams.

• Work with application teams to prioritize security requirements, balancing business objectives with technical risks.

4. Vulnerability Management and Mitigation

• Oversee the overall strategy for SAST, DAST, to identifying and remediating vulnerabilities.

• Ensure timely resolution of identified issues, coordinating efforts across development, QA, and DevOps teams.

• Maintain and communicate detailed metrics and dashboards on the security posture of applications and pipelines.

5. Cross-Functional Collaboration

• Partner with application teams to align security architecture with business needs and project timelines.

• Act as the primary liaison between technical teams and executive leadership, effectively conveying security risks and architectural priorities.

WE ARE LOOKING FOR SOMEONE WITH | YOU WILL HAVE:

• Bachelor's degree of computer science, Information Security, or a related field. A Master's degree would be an added advantage.

• Information Systems Security professional certifications, such as CISSP, CSSLP, CEH, OSCP or CREST.

• At least 15 years of experience in cybersecurity, with a focus on application security, security architecture, and secure development practices.

• Proven expertise in designing and implementing security controls within CI/CD pipelines in Agile and DevOps environments.

• Demonstrated success in defining and overseeing secure application architectures for cloud-native and hybrid environments.

• Deep understanding of secure software development lifecycle (SDLC) methodologies and best practices.

• A team-player with systematic problem-solving approach, and have sense of ownership and drive.

• Must have strong people skill to lead a team effectively and demonstrable experience of working at the most senior levels of large and complex organizations.

• Excellent interpersonal skills and stakeholders management.

• Always have customer in mind when dealing with any situations/projects/deliverables.

• Interprets customer needs, assesses requirements and identifies solutions to non-standard requests.

• Able to negotiate with, influence and engage others in complex and conflicting situations across multiple parties to drive a positive outcome.

• Good communication skills and the communication network of the incumbent is expected to be internally within the enterprise (80%) and external with Vendors and Service Providers (20%).

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.

---