Manager, Information Security Governance
MY-Kuala Lumpur-IT, Malaysia
AIA Digital+
AIA Digital+ is a Technology, Digital and Analytics innovation hub dedicated to powering AIA to be more efficient, connected and innovative as it fulfils its Purpose to help millions of people across Asia-Pacific live Healthier, Longer, Better Lives.
If you are hungry and driven to play an active role in shaping a better tomorrow, we want to hear from you. Because the work we do at AIA Digital+ makes a difference in the lives of millions of people, every day. We will equip you with the critical skills, tools and technology, and endless opportunities to learn, contribute and thrive in a dynamic and exciting environment.
If you want to shape a brighter future at AIA Digital+, please read on.
About the Role
This role manages the Third-Party Security Assessment (TPSA) process and provides security metric reporting.
Roles and Responsibilities:
- Coordinate with external service providers to ensure timely and effective third-party security assessments (TPSA) prior to vendor onboarding.
- Monitor and follow up with internal stakeholders on remediation plans for unresolved third-party security issues.
- Track and escalate third-party BitSight security ratings that fall below the defined security threshold.
- Maintain accurate and up-to-date records of vendor inventory and TPSA status.
- Support the execution and continuous improvement of TPSA processes, tools, and workflows.
- Assist in the implementation of security policies, procedures, and controls to ensure third-party compliance.
- Collaborate with the incident response team to monitor third-party threats and support incident handling.
- Provide guidance to Local Business Units (LBUs) on managing third-party security risks and controls.
- Prepare and deliver regular reports on TPSA activities and risk findings to senior team members.
- Promote awareness of third-party security requirements and best practices across internal teams and vendors.
Qualifications:
- Bachelor's degree in IT, Computer Science, or a related discipline.
- Minimum of 10 years of experience in Information Security, Technology Risk, or IT Auditing, preferably with regional experience.
- Excellent written and verbal communication skills, with the ability to escalate issues clearly and promptly to management.
- Strong critical thinking and analytical skills for handling complex situations.
- Proven ability to articulate IT controls and risks effectively.
- Ability to work independently with minimal supervision.
- Comprehensive knowledge of industry technology control frameworks and standards, such as ISO 27001 and the NIST Cybersecurity Framework 2.0.
- Experience in third-party security assessment is advantageous.
- Relevant certifications such as CISSP, CISM, CISA, CRISC, and/or ISO 27001 are a plus.
- Strong people management and communication skills.
- Ability to work proactively with diverse stakeholders across different countries, translating business language into information security and technical language, and vice versa.
- Experience in cross-border management.
Build a career with us as we help our customers and the community live healthier, longer, better lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.