Job ref no.: CT3116513-01#6202

Senior Manager, Technology Risk

AIA

Job Summary

Working in conjunction with other professional colleagues and specialists, the Technology Risk Manager acts as an expert advisor to management concerning technology risks involving or affecting technology, and ensure that technology risks are appropriately measured and prioritized.


He/She is expected to contribute to the development and implementation of technology risk management governance programmes and the best-fit cloud security operation model, with the alignment of the Group TR’s strategic direction.


Roles and Responsibilities

Technical Risk project-based activities

  • Develop and manage security governance framework & risk portfolio, which follows the AIA’s IT control policies and guidelines.
  • Upgrade the security and control of our in-house developed mobile and web applications.
  • Developed the best-fit cloud security operation model, with the alignment of the Group TR’s strategic direction.
  • Define and establish operation processes for the management of identity’s life-cycle; user access and privileged ID usage, protection of the sensitive data, with the use of the state-of-the-art vendor solutions.

Communication and Training & Awareness

  • Manage and communicate with group offices, business partners, corporate clients, IT vendors and external parties on IT security matters.
  • Develop plans to uplift the technology risk standard and resiliency across the organisation.

Daily operation - IT Security support and Control

  • Provide governance and support over security tools including but not limited identity and access management (I&AM), data loss protection (DLP), network security, end point protection and vulnerability management.
  • Manage and coordinate cyber security assessments include vulnerability scanning, independent penetration test on IT infrastructure and applications.
  • Work with IT operation to monitor and report suspicious activity.
  • Support internal/external audit on compliance assessment and regulatory audit work.
  • Manage and coordinate security incident response, handling and investigation process.

Job Requirements

  • Degree holder in Computer Science, Information Systems, or related discipline.
  • At least 10 years of relevant and solid experience in technology risk management and control, gained from sizable multi-national banks and insurance companies.
  • Solid understanding of IT security products and solutions. Knowledge of SailPoint IIQ and CyberArk are definite advantages..
  • Subject matter expert in mobile and web application security -Authentication, Access Control, data encryption and data loss prevention.
  • Preferable to have relevant IT security certifications - Certified Information Systems Security Professional (CISSP) Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified in Risk and Information Systems Control (CRISC).
  • Knowledge of PCI-DSS and experience in handling with IT Audit and implementing information security frameworks or standards, such as NIST, ISO 27001, COBIT.
  • Analytical and objective; able to elaborate on, characterize, assess and evaluate risks
  • Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative.

We offer an attractive remuneration package to the successful candidate. Please submit your application by clicking Apply Now for our processing.


All personal information provided by applicant will be treated in strict confidence and used solely for recruitment purposes. The personal information will be used strictly in accordance with AIA’s personal data policies, a copy of which will be provided upon request. It is possible that information about the applicant or the applicant’s application will be shared with AIA and its related companies. AIA will retain all applications for a period of up to 24 months after which the documents will be destroyed.

All applications applied through our system will be delivered directly to the advertiser and privacy of personal data of the applicant will be ensured with security.

More job information
Job ref no. CT3116513-01#6202
Salary
  • N/A
Job Function
Industry
Employment Term
  • Full-time
Experience
  • 10 years - 12 years
Career Level
  • Middle management level
Education
  • Degree