Business Information Security Officer

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

**WE ARE LOOKING FOR.....**

The BISO role is a senior cybersecurity leadership position intended to bridge the gap between security and business interests, be responsible for the overall Cyber Security Management of AIA Singapore to the line of business.

Serve as the Business Information Security Officer, go-between for the security team and business, to engage with line of business for AIASG and to perform vital functions in identifying, mitigating, reviewing, documenting, and reporting findings to management, and ensures the corresponding risk exposures are appropriately addressed such that the company’s image and value are protected. Enhance our cyber security readiness and uplift our capabilities to tackle the future emerging cyber risks to support the business.
- Serve as the primary security contact for the line of business in AIASG
- Develop and oversee the implementation of security policies, procedures, and controls
- Conduct risk assessments and manage security statement and review for line of business in AIASG to support business strategy
- Monitor compliance with security regulations for all systems supporting the line of business
- Strong business acumen to understand and speak the language of business. Be able to clearly articulate the value of cybersecurity investments to business leaders who may not be familiar with the technical details
- Develop and maintain local risk register, detection/response related standard operating procedures to ensure compliant to the MAS regulations
- Monitor security compliance, manage security awareness programs, train employees on security procedures and implement new security technologies
- Coordinate with the IT department on technical security issues
- Working with business units to ensure compliance with security policies and procedures
- Provide guidance and support to line of business on security-related issues
- Uplift Cyber Security process, controls and maturity level for Cyber Security
- Support for the Cyber Security score in the annual MAS CRAFT report
- Internal communication within Technology Department (30%), Enterprise Risk Management, Compliance, Internal Audit (15%), Business Departments (10%), Senior Management and Sub-Committees (10%), Group Technology and Group Information Security(20%)
- External communication with Vendors and Service Providers (15%)

**Job Requirements**
- Bachelor’s degree of computer science, computer engineering or other relevant degrees
- Information Systems Security professional certifications, such as CISSP, CISA, CISM or CRISC preferred
- Minimum 15 years of IT experience with at least 5 years’ of experience working as a BISO in an MNC enterprise environment. Finance industry will be preferred
- Effectively communicate with both technical and non-technical staff. Be able to translate complex technical concepts into plain English and present them in a way that decision-makers can understand
- Strong knowledge of Cyber Security forensics, Information Security governance, project management, change management, technology implementation and risk analysis strategy
- Sound knowledge of Cloud environment and Cloud security, Cyber Monitoring, Threat Hunting, and Cyber Threat Intelligence
- Self-driven professional interested in the world of cyber security
- Broad information security knowledge and experience in defending a large enterprise
- Technical understanding of enterprise network, various components and designs and strong understanding of Operating Systems, Applications, Database, on-prem and cloud environment
- Good Communication, coordination, analytical and interpersonal skill
- Ability to work independently, take initiative, be flexible and adapt in agile working environment

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.