Governance Compliance, Consultant

At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we're now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

This role focuses on ensuring technology compliance and risk management within AIAS. Key responsibilities include conducting pre-audit reviews, coordinating IT audits and regulatory inspections, and managing responses to audit findings. The role involves continuous monitoring and testing of technology and cybersecurity controls, identifying opportunities for automation, and facilitating training to improve control awareness. It also includes collaboration with risk management teams on annual assessments, responding to regulatory inquiries, and serving as a subject matter expert on technology compliance. Leadership and mentoring of junior team members are also a core aspect of the role.

WHAT YOU WILL DO

• Conduct pre-audit/thematic reviews to ensure compliance with IT policies, standards and regulatory requirements

• Coordinate IT audits (inclusive of regulatory inspections) and manage responses to audit findings

• Collaborate with the Controls Testing Specialist to

  • Build and facilitate effective continuous controls monitoring of the Technology Controls Library, performing controls testing on defined Technology and Cyber related controls against internal standards, industry best-practice and regulatory requirements.

  • Identify opportunities for automation/dashboarding of controls testing to reduce manual testing load.

  • Facilitate training and awareness sessions to build awareness amongst Control Performer(s)/Owner(s) on the need for evidence-based attestation on controls effectiveness.

  • Produce artefacts for management reporting on continuous controls monitoring initiative as required.

• Collaborate with the Second Line of Defense (Technology Risk Management) on the annual Risk Control Self-Assessment (RCSA) to ensure controls effectiveness are accurately assessed and to finalise on the residual risk based on the Technology Risk taxonomy

• Respond to technology questionnaires, request for information, other requests from the MAS

• Acts as the SME on Technology Compliance related matters to support the Technology division, inclusive of assessment with regards to on-going changes to or new regulatory requirements and their impact on the Technology function

• Provide leadership and guidance to junior team members to foster a high-performing and collaborative culture

WHAT YOU SHOULD HAVE

• Bachelor's degree in computer science, information security, or a related field.

• Relevant certifications such as CISA, CISSP, CRISC, CISM, or equivalent qualifications, are highly desirable.

• Min 8 to 12 years of relevant work experience, including IT audit, risk management, and security governance within large financial institution, insurance, or auditing/consulting firms serving client in the financial services industry.

• Familiarity with MAS regulatory requirements (MAS FSM-N03, FSM-N04, MAS Technology Risk Management Guidelines) and industry best practices.

• Familiarity with the risks and compliance challenges posed by emerging technologies (such as AI and blockchain) would be a plus.

• A team-player with systematic problem-solving approach and have sense of ownership and drive.

• Must have good people skill to work in a team effectively and demonstrable experience of working with various level of stakeholders of large and complex organizations.

• Excellent interpersonal skills and stakeholders' management.

• Always have customer in mind when dealing with any situations/projects/deliverables.

• Able to negotiate with, influence and engage others in complex and conflicting situations across multiple parties to drive a positive outcome.

• Good communication skills and the communication network of the incumbent is expected to be internally within the enterprise (80%) and external with Vendors and Service Providers (20%).

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.

---