Third-Party Security Risk Management, Consultant

AIA SINGAPORE PRIVATE LIMITED

Singapore

On-site

SGD 80,000 - 120,000

Full time

17 days ago

Job summary

A leading insurance company in Singapore is seeking an experienced professional to oversee Third-Party Security Risk Management. The role entails managing vendor security postures, conducting due diligence for compliance, and collaborating with various stakeholders to uphold security standards. The ideal candidate has strong governance and cybersecurity knowledge, with 8-12 years of IT experience in the financial industry. Excellent communication and analytical skills are essential for success in this position.

Qualifications

  • 8-12 years of IT experience in audit or risk management.
  • Experience in the financial industry preferred.
  • Knowledge of MAS TRMG, ISO27001, NIST, SOC2 is advantageous.

Responsibilities

  • Manage assessment of third-party vendors' security postures.
  • Conduct due diligence on third-party vendors for compliance.
  • Lead initiatives in governance of information security.

Skills

Governance
Risk Management
Cybersecurity Knowledge
Communication Skills

Education

University degree in Computer Science
Relevant security and audit certifications

Job description

At AIA, we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re transforming our organization to be faster, simpler, and more connected, enabling us to develop digital solutions that help more people live healthier, longer, better lives.

We are seeking individuals with tech, digital, or analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences impacting millions and creating a healthier future for all.

If you believe in building a better tomorrow, read on.

About the Role

This position oversees the Third-Party Security Risk Management domain, providing consultation and professional advice on information security and key technology risk matters related to the assigned geographical responsibilities. The role aims to foster a strong information security risk culture focused on people, processes, and technology. It requires a good understanding of security requirements within the financial industry, technology risk management methodologies, and the ability to work effectively with internal and external stakeholders to uphold the highest security standards.

WHAT YOU’LL BE DOING
Third-Party Security Risk Management
  • Manage the assessment and evaluation process of third-party vendors' security postures, including monitoring assessment renewals, coordinating reviews, and collaborating with assessors on TPSAs.
  • Conduct due diligence and risk assessments on third-party vendors, ensuring compliance with regulatory requirements and with company policies and standards.
  • Implement third-party uplift initiatives to enhance customer experience.
  • Review client contracts' security clauses to ensure alignment with company policies.
  • Support audit and regulatory responses, including control assessments related to risk management.
  • Support or lead additional initiatives such as security assessment services.
Specialized Areas Governance
  • Lead or participate in governance of specialized information security areas like cloud and application security.
  • Collaborate closely with stakeholders across Technology risk management, Risk and Compliance, Legal, and other departments.

This role supports the Senior Manager of Technology Vendor Management.

WHAT YOU SHOULD HAVE
  • University degree in Computer Science, Computer Engineering, Information Systems, Cyber Security, or related fields.
  • Relevant security and audit certifications such as CISSP, CISA, CRISC, CCSP are preferred.
  • 8-12 years of IT experience, including roles in audit or risk management, with strong governance, reporting, and cybersecurity knowledge.
  • Financial industry experience is preferred.
  • Knowledge of MAS TRMG, ISO27001, NIST, SOC2, OSPAR standards, and audits is advantageous.
  • Experience in developing security and risk metrics and KPIs.
  • Project management skills are a plus.
  • Excellent communication, coordination, and interpersonal skills.
  • Meticulous, analytical, and problem-solving traits with a high level of professional integrity.
  • Self-motivated, energetic, and a team player eager to learn and grow in security and risk management.

Build a career with us as we help our customers and community live healthier, longer, better lives.

Ensure all requested information, including Personal Data, is provided for your application. Incomplete submissions may affect your application's processing and outcome.
