Job ref no.: 220108782-JR-17472
AIA Hong Kong and Macau

Regulatory & Information Security Compliance, Principal (Senior Manager Level)

AIA Hong Kong and Macau

About this company

Bring your career aspirations to life with AIA!

Working in conjunction with other professional colleagues and specialists, the Expert is responsible to the development and implementation of technology risk management governance programmes with the alignment of the Group Information Security’s strategic direction.

Roles and Responsibilities:

This position plays a significant role in supporting management and Head of Information Security (“IS") of AIA Hong Kong and Macau to promote and enhance the maturity of IT/cyber security of the organisation, as well as related entities (such as AIA Investment Management).This is to be done through a robust governance, technology risk management and compliance programmes, coupled with well-planned communications and awareness-raising programmes tailored for different internal and external stakeholders.Therefore, while the individual taking up this role may not need to be an IT technical expert, he or she must be a quick learner who can grasp a wide range of IT/cyber security topics.The individual must also be a great communicator who can convey messages in English and Chinese involving highly technical IT/cyber risk concepts to all levels of staff (for instance, for awareness-raising campaigns) and to strategic stakeholders (such as regulators, auditors and corporate clients) in an efficient and professional manner. 

(Daily Operation) Regulatory and Information Security Compliance

  • Develop and manage the technical risk governance framework & risk portfolio, which follows the AIA’s IT control standards and guidelines.

Communications and engagement with regulators, auditors

  • Lead and coordinate internal efforts to support compliance assessment and security audits conducted by regulators and internal/external auditors;
  • Coordinate inputs and craft accurate and effective responses to enquiries on IS matters coming from regulators and auditors.

Awareness-raising campaigns for staff

  • Organise regular and frequent activities and develop localised materials to raise the awareness of staff at all levels on various cybersecurity controls and practices, and other topical issues;
  • Maintain and curate the internal IS Information Hub in the company intranet.


  • Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to IS;
  • Communicate with group offices, business partners, corporate clients, IT vendors and external parties on IT security matters, as and when needed.

Minimum Job Requirements:

  • Degree holder in Computer Science, Information Systems, Business, Finance, Risk Management, or a related discipline;
  • Minimum of 10 years of relevant and solid experience in risk management and control (preferably in the area of information security and technology risk), gained from international financial institutions or financial regulators;
  • Holder of relevant audit professional qualification and/or IT security certificates preferred (such as CISA, CISM, CISSP etc.);
  • Solid experience in handling audit-related assignments and cybersecurity assessments against information security frameworks or standards, such as HKMA’s CRAF, ISO 27001, NIST Cyber, etc.;
  • Familiar with relevant control requirements from different regulatory bodies of Hong Kong, such as Insurance Authority, Mandatory Provident Fund Schemes Authority, etc.;
  • Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams;
  • Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment;
  • Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically when solving problems;
  • You are required to obtain the relevant licence(s) if your job involves regulated activities.


Build a career with us as we help our customers and the community live healthier, longer, better lives.


You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.

More job information
Job ref no. 220108782-JR-17472
Job Function
Employment Term
  • Full-time
  • 10 years - 20 years or above
Career Level
  • Middle management level
  • Degree