Principal, Information Security

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

This position plays a significant role in supporting management and Director of Information Security to promote and enhance the maturity of Information and cyber security of the organisation, as well as related business entities. This is to be done through a robust governance, Information security risk management and compliance programmes, coupled with well-planned communications and awareness-raising programmes tailored for different internal and external stakeholders. Therefore, while the individual taking up this role may not need to be an Information Security expert, he or she must be a quick learner who can grasp a wide range of IT/cyber security topics. The individual must also be a great communicator who can convey messages in English and Chinese involving highly technical IT/cyber risk concepts to all levels of staff (for instance, for awareness-raising campaigns) and to strategic stakeholders (such as regulators, auditors and corporate clients) in an efficient and professional manner.

(Daily operation) Regulatory and Information Security Compliance

• Develop and manage the Information security governance framework & risk portfolio, which follows the AIA’s security standards and guidelines.
• Be the subject matter expert to provide advice on regulatory requirements related to information security.

Communications and engagement with regulators, auditors

• Lead and coordinate internal efforts to support compliance assessment against regulatory requirements and IT audits conducted by internal/external auditors;
• Coordinate inputs and craft accurate and appropriate responses to enquiries coming from regulators and auditors;

Awareness-raising and education for staff

• Organise regular and frequent activities and develop localised materials to raise the awareness of staff at all levels on various cybersecurity controls and practices, and other topical issues of Information Security.
• Maintain and curate the internal Information Hub for education and sharing.

Miscellaneous

• Lead ad-hoc cross-functional teams on special projects or strategic initiatives relating to Information Security
• Communicate with group offices, business partners, corporate clients, IT vendors and external parties, as and when needed

Job Requirements:

• Degree holder in Computer Science, Information Systems, Business, Finance, Risk Management, or a related discipline.
• Minimum of 10 years of relevant and solid experience in Information Security risk management and control, gained from international financial institutions, professional firms or financial regulators.
• Holder of relevant IT audit professional qualification and/or IT security certificates preferred (such as CISA, CISM, CISSP etc.).
• Solid experience in handling cybersecurity assessments and IT audit-related assignments and familiar with relevant control requirements from different regulatory bodies such as Hong Kong Insurance Authority, Mandatory Provident Fund Schemes Authority, Macau AMCM etc.
• Excellent communication (written and oral) skills, and demonstratable experience as a highly effective facilitator of cross functional teams.
• Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
• Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically when solving problems.
• You are required to obtain the relevant licence(s) if your job involves regulated activities.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.