Senior Manager - IT Security Engineering

About FWD Group

FWD Group is a pan-Asian life insurance business with more than 13 million customers across 10 markets, including some of the fastest-growing insurance markets in the world. The company was established in 2013 and is focused on changing the way people feel about insurance. FWD’s customer-led and digitally enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience.

For more information, please visit www.fwd.com

FWD Vietnam Technology Company Limited., known as FWD VTC, was set up in 2024 and is part of FWD Group. FWD VTC in Vietnam is one of FWD Group’s office locations serving multiple markets within the Group and employs team members in various functions including Group Technology and Operations, Group Digital & Data and our Centre of Excellence comprising cloud & infrastructure, information security, enterprise architecture and solution delivery.

PURPOSE

• Drive FWD IT Security Engineering function as a SME for FWD Group and all Business Units (10 Business Units) in Asia Pacific.
• Define and partner with stakeholders in a multi-disciplined team structure, designing and implementing cloud security solutions to provide coverage across a variety of projects
• Lead stakeholders’ and vendors engagements and providing subject matter expertise to Business Units and engagement teams
• Develop deep working relationships with senior executives across engagement teams.
• Responsible and execute large-scale project deliveries
• Manage teams and mentor junior resources
• Oversee infrastructure and microservices security architecture (inclusive of: container security architecture, data security architecture, network security architecture and operational security architecture).
• Review the infrastructure & microservices design against different security regulatory, industry and internal standards such as PCI DSS and CSA Containers' security guidelines and identifying the necessary security architecture requirements for the same.
• Review the infrastructure & microservices network and data architecture and identifying the necessary security architecture requirements for the same.
• Ensure that final design addresses identified threats and countermeasures during threat modelling
• Build knowledge capital through research and development and leveraging industry insights to deliver best of breed expertise to stakeholders.
• Lead the growth of cloud security practice across business units, project team and other stakeholders
• Drive IT Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.

KEY ACCOUNTABILITIES

• Support the Head of IT Security Engineering in define and maintain the IT Security Engineering framework for FWD Group.
• Drive awareness and support to Group IT Security, Group IT and Business Units IT, to understand the IT Security Solutions and Processes, as well as their implications across the organization.
• Drive IT Security Engineering Initiatives and Projects definition and implementation, selection of solutions and architecture, as well as define operations framework and its continuous improvement.
• Partner with the Head of IT Security Engineering and Group CISO, through tracking and reporting function, to ensure regular updates to management on the IT Security Engineering Program and risks.

QUALIFICATIONS / EXPERIENCE

• Minimum 8 years working experience in IT Security Management role, preferably in Financial Services.
• Regional experience in IT Security Technical or Engineering roles.
• Degree from Information Technology or equivalent discipline.
• Technical experience in Identify, Protect, Detect, Response or Recover areas.

KNOWLEDGE & TECHNICAL SKILLS

• Cloud security-related certifications such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), or any cloud provider-specific security certifications.
• A robust grasp of cloud security best practices, principles, and patterns. This should include knowledge of the Shared Responsibility Model and an understanding of how it impacts security posture.
• In-depth knowledge of at least one major cloud service provider (e.g., AWS, Azure, GCP) with a comprehensive understanding of their service offerings, architecture, and security controls.
• Experience with scripting and automation tools to streamline security operations.
• Knowledge of vulnerability scanning tools and techniques, as well as experience with the remediation of identified vulnerabilities.
• Knowledge of cloud networking constructs, security groups, network ACLs, and other network security methodologies.
• Excellent interpersonal and influential skills to enable the implementation and enforcement of the IT Security Engineering program.
• Good English communication and presentation skills.