Associate Director, Security Governance

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
- As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives._
- To get there, we need people with _tech/digital/analytics_ expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone._

If you believe in developing a better tomorrow, read on.

About the Role

This role is responsible for delivering the AIA Singapore Line 1 GRC to the organisation, from coordination Governance reporting activities, Operational Technology Risk Management and Compliance and Audit functions prescribed from AIA Group, industry regulations and the Monetary Authority of Singapore (MAS). This role is also responsible for AIA’s Cyber Security Awareness training.

Information Security & Technology Risk Metrics- Drive the management monitoring and reporting methodology for various key information security and security risk governance metrics, security incidents, policy/standards deviations, third party security assessments, etc.- Prepare and present relevant technology and security risk indicators and updates to security forums, Operational Risk Committees and/or the Board Risk Committees.

IT Risk and Compliance Management- Drive organizational self-assessments against related technology and security regulatory advisories, circulars, guidelines and notices.- Coordinate annual IT risk and control self-assessment exercises according to MAS regulatory notices/guidelines, internal enterprise IT policies, and standards and maintain the Group electronic Governance Risk and Compliance (eGRC) tool.- Manage and follow through on the tracking of deviations and exemptions in the context of AIA’s technology and security policies and standards within the Group eGRC tool.

Security and Policies Awareness- Communicate material changes of internal policies/standards to internal staff and key stakeholders.- Develop effective methods to deliver cybersecurity training to various groups of audiences, including but not limited to - staff, IT teams, management, third party service providers and our agency forces.

Specialized Areas Governance-
- Assist in enterprise-wide risk and compliance coordination for Technology division, where applicable.- Lead promotion of activities to increase information security within your teams to embed and continuously improve adherence to good practice.- Drive a continues Learning and Development program for staff training. (with inhouse and external training programs).

Requirements:
- Advanced degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).- Preferably a holder of one or more of the following information security and audit qualifications: CISSP, CISA, CRISC, CCSP.- 15 years of experience in a combination of these roles:
- Cybersecurity governance, monitoring and reporting of key security metrics and risk indicators, either in Line 1 or Line 2.- Leading responses to IT audits and regulatory inspections.- Managing IT risk and compliance assessments, including assessments on the cyber hygiene of third-party service providers- Development, review and management of deviations/exemptions to technology policies and standards.- Developing and driving the organisation-wide information security awareness programme.- Managing medium size team as the incumbent is responsible in managing 12 team members in Singapore and remotely.- Substantial working experience from financial industry, big tech firms or established auditing firms will be considered favourably.- Experience and exposure in information security standards such as ISO27001 and other relevant industry frameworks will be an advantage.- Knowledge of tools such as PowerBI or JIRA would be advantageous, including the ability to implement automation.- Good communication, coordination, and interpersonal skills.- Strong stakeholder management capabilities.- High level of energy, professional integrity, and leadership demonstration.- Ability to adopt a helicopter view context to problem solving.
- Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives._