Security Architect

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

The Security Architect will lead the design, implementation, and maintenance of a robust security architecture tailored for AIA, ensuring the protection of digital assets, infrastructure, and sensitive financial data. This includes maintaining an enterprise security blueprint and integrating best practices aligned with regulatory standards such as ISO/IEC 27001, NIST, and relevant industry regulations.

You will collaborate closely with IT, development, and risk management teams to embed security measures across the technology infrastructure and software development lifecycle, using a risk-based and compliance-driven approach.

In this role, you will ensure that the security architecture supports business objectives and regulatory requirements. You will also lead the development of security frameworks, standards, and policies, while providing expert guidance on secure design and risk mitigation strategies across projects and operations.

• Lead the development and implementation of enterprise security architecture strategies, frameworks, and mitigation plans.
• Design secure systems and network architectures that align with business objectives, regulatory requirements, and industry best practices.
• Translate business and technical requirements into robust, secure architecture solutions.

• Own the security review process and produce security design blueprints for ARB and other governance forums.
• Provide architecture assurance to ensure alignment with enterprise roadmaps and standards.
• Define and maintain security standards, guidelines, and reference architectures.

• Conduct threat modeling, and security impact analyses for new and existing solutions.
• Stay current with regulatory changes affecting cybersecurity in the insurance and financial services sectors.
• Evaluate emerging security technologies and recommend adoption where appropriate.

• Partner with solution architects, development teams, and business stakeholders to ensure secure design and implementation.
• Present security architecture and risk mitigation strategies to ARB and senior leadership.
• Provide advisory and assurance support to the Local Information Security (LIS) team during security incident investigations.

• Review and endorse technical documents (e.g., impact analyses, functional designs, interface agreements) from a security perspective.
• Contribute to the strategic direction of security investments and enterprise risk posture.

• Serve as the technical subject matter expert for all security-related design decisions.
• Mentor junior team members and promote security awareness across IT and business teams.

• Minimum of 8 years of experience in IT security architecture design, risk management, or cybersecurity operations preferably within the financial services or insurance industries.
• Strong knowledge of security architecture frameworks (e.g., SABSA, TOGAF with security extensions, ISO/IEC 27001, NIST, and COBIT).
• Expertise in cloud security (AWS, Azure, GCP) and on-prem security controls.
• Familiarity with identity and access management (IAM), network security, data protection, and encryption standards.
• Practical experience with security technologies including firewalls, SIEM, IAM, DLP, and endpoint protection.
• Understanding of DevSecOps and secure SDLC practices.
• CISSP, CCSP, or equivalent would be an added advantage.
• Cloud-specific security certifications (AWS Security Specialty, Azure Security Engineer) would also be an added advantage.
• Hands‑on experience in threat modeling, and implementation of security controls.
• Regulatory compliance experience (RMIT, ISO 27001, SOC2, GDPR, PDPA).
• Experience with Agile and Waterfall methodologies, and secure software development lifecycle (SDLC).
• Ability to communicate complex security concepts to non-technical stakeholders.
• Leadership and collaboration with cross‑functional teams.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.