Associate Director, Technology Risk & Business Continuity Management

Full time at AIA International Limited in Hong Kong
Posted on May 8, 2024

Job details

FIND YOUR 'BETTER' AT AIA

We don't simply believe in being 'The Best'. We believe in better - because there's no limit to how far 'better' can take us. We believe in empowering every one of our people to find their 'better' - in the work they do, the career they build, the life they live and the difference they make. So that together we can support even more people - including our own - to live Healthier, Longer, Better Lives. If you believe in better, we'd love to hear from you.

About the Role

1) Technology Risk

Working in conjunction with other professional colleagues and specialists, the Associate Director acts as an expert advisor to management concerning risks involving or affecting technology, and ensures that technology risks are appropriately identified, measured, assessed, and mitigated in the right priority. He/She is expected to contribute to the development and implementation of technology risk management governance programmes and the optimal security implementation and operation models which are in alignment with the Group TR's strategic directions.

2) Business Continuity Management

Develop, implement, and lead the company's business continuity program in line with Group standards and local regulations in the region. The person will support all activities vital to AIA to prepare for and respond to any business interruption.

Roles & Responsibilities:

Technology Risk

  • Develop and lead security governance framework & risk portfolio, in accordance with AIA's IT control policies and guidelines.
  • Conduct gap analysis on various regulatory requirements and drive programs to bridge the gaps.
  • Lead and coordinate cyber security assessments and industry compliance assessment.
  • Define and supervise relevant KRIs related to IT risks and provide regular updates to the Operational Risk Committee, and update Group Technology Risk when vital.
  • Partner with risk owners to drive the identification and assessment, management and response, monitoring, and controls of data and technology risks on key initiatives and projects.
  • Serve as subject expert in examining Risk Papers of key projects.
  • Drive the establishment of operation processes for leading the life cycle of identity information; user access and privileged ID usage, protection of the critical data, cloud security, with the use of state-of-the-art vendor solutions.
  • Partner with Group Office to evaluate new tech risk solutions and assess the implementation risk of the group-wide projects.
  • Interface and liaise with business key team members (e.g. HR, PD, Customer Experience and Transformation, Health & Wellness Strategy Management, etc.) to roll out new Technology Risk initiatives and uplift the security of the business applications.
  • Support the CRO and the Head of Tech Risk & BCM to explore and deliver new and secure IT solutions and evaluate new IT strategic partners.
  • Lead the communications with Group Office, business partners, corporate clients and other external parties on IT security matters.
  • Develop plans to uplift the technology risk standard and resiliency across the organisation.
  • Provide governance and support over IT security, cybersecurity and cloud security products and services, including but not limited to: identity and access management (I&AM), data loss protection (DLP), network security, endpoint and data loss protection, secure file exchanges and vulnerability management.
  • Supervise security incident response, handling and investigation process.
Business Continuity Management
  • Maintain the corporate-wide business continuity program that addresses disaster recovery, business recovery and emergency response management.
  • Work with senior members of the Technology, Operations and Risk leadership teams to ensure that remediation plans are implemented and tracked accordingly.
  • Lead and support annual business recovery exercises, which may include Dedicated Recovery Sites (DRS), Remote Access, Alternate Office, and Work Transfer, depending on function and location.
  • Help the business functions to conduct periodic Business Impact Analysis, identify recovery requirements and work with the business continuity coordinators to develop and implement recovery plans in the event of a business disruption.
  • Identify opportunities for strategic improvement or mitigation of business interruption and other risks caused by business, regulatory, or industry-specific change initiatives.
  • Plan and coordinate all business continuity testing and exercises. Coordinate and facilitate regular, complete, and significant BCM tests and post-exercise reports.
  • Work closely with IT, Operations, and other business units to develop/maintain DR plans for critical systems and applications and to ensure that internal recovery sites are updated and functioning properly. This includes reviewing business impact assessment reports and conducting challenge sessions to ensure appropriate tiering and Recovery Time Objective/Maximum Tolerable Period of Disruption levels are assigned.
  • Liaise with Business Continuity Coordinators to develop effective working relationships.
  • Liaise with contract owners and lead the company's BCM readiness assessment for Third Parties.
  • Perform threat and risk assessment pertaining to Business Continuity to identify points of vulnerability, single points of failure and identify risk avoidance and mitigation strategies.
  • Assist in crisis management as BCM subject matter expert in the event of a business interruption.
  • Provide regular status updates until closure to Group / BU key stakeholders during major incidents.
  • Develop and deliver appropriate BCM education and awareness programme.
  • Develop regular BCM program status reports to Group and local management.
  • Analyze and report on implications of regulatory requirements and industry guidance on BCP/DR programs.
Minimum Job Requirement:
Technology Risk
  • Degree holder in Computer Science, Information Systems/ Security or related discipline.
  • At least 12 years of relevant and solid experience in technology risk management and control, gained from sizable multi-national banks and insurance companies.
  • Solid understanding of IT security products and solutions. Knowledge of SailPoint IIQ and CyberArk is a definite advantage.
  • Subject matter expert in mobile and web application security -- Authentication, Access Control, Data Encryption and Data Loss Prevention.
  • Equipped with IT security certifications -- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified Information Forensic Investigator (CIFI).
  • Knowledge of PCI-DSS and implementing information security frameworks or standards, such as NIST, ISO 27001, COBIT.
  • Analytical and objective; able to elaborate on, characterize, assess and evaluate risks.
  • Confident and credible; keen to earn the respect and trust of, and inspire, others. Independent, with a strong sense of taking one's own initiative to solve problems.
Business Continuity Management
  • Globally recognized BCM certification (CBCI/CBCP).
  • Minimum 8 years of relevant experience in business continuity or enterprise resilience, preferably in the FS industry.
  • Good understanding of organizational resilience including IT Disaster Recovery and Technology Resilience.
  • Experience in actively developing and supporting business continuity programs is an advantage.
  • Excellent written and communication skills.
  • Project management skills.
  • Proficiency in MS Office products (PowerPoint, Excel, etc.).
  • Self-starter with the ability to work with a great degree of autonomy.
  • Must have a good understanding in the areas of IT Disaster Recovery and Technology Resilience.
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives. You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.
