Technology Risk Management, Principal

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

The position is responsible for identifying, evaluating and reporting on technology risks in a manner that meets regulatory, group, management and other compliance requirements. The incumbent works proactively with the various business units and other internal departments and organizations to implement practices that meet the regulatory, Group’s and Company’s defined guidelines, risk policies, standards and/ or procedures.

• Manage the regular and project technology risk assessment, attestation and reporting.
• Manage on-going engagements and partner with the business to support technology risk assessment and monitoring.
• Identify and act upon opportunities to improve Technology Risk Governance processes and framework.
• Ensure that technology programs are meeting the applicable local laws, regulations and policies to minimize or eliminate the risk and compliance.
• Monitor the external threat environment for emerging technology and cyber threats and advise the relevant business on the appropriate course of action.
• Proactively identify risks through monitoring of technology performance in risk and compliance management.
• Regular reporting on the current status of the technology risk program to senior business leaders and the board of directors as part of a strategic enterprise risk management program.
• Assist in the definition of the business’s operation & technology risk appetite statements and monitor Key Risk Indicators (KRIs) against overall enterprise risk appetite.
• Develop visually accessible reports and dashboards for various internal & external audiences that enable risk monitoring.
• Continuously improve and/or enhance the analysis and reporting system by soliciting feedback from stakeholders.

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity or related field.
• Minimum 8 years working experience with at least 10 years of experience in technology security risk and control that involves regulatory environment.
• Evolving knowledge in several of the following areas: Insurances services, information technology, information security, cyber security, digital transformation, and technology management.
• Professional certifications like CISA, CISM, CEH, CISSP will be advantageous.
• Practical knowledge of risk analysis methodologies, frameworks, standards, and best practices (NIST, COBIT, ISO27001).
• Ability to work independently while sharing expertise with others.
• Strong communication and stakeholder's management skills.
• Experience in full developing of Risk Dashboards using Microsoft Power BI.
• Experience to use various sources to pull data into and writing DAX functions in Power BI to achieve reporting needs.
• Knowledge of the automation process using MS Power or other automation tools is required.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.