Job Description

At AIA we\xe2\x80\x99ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we\xe2\x80\x99re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on.

About the Role
Strategize and steer AIA Singapore\xe2\x80\x99s Information and Cyber Security Awareness Programme, to meet the objectives of the MAS TRM Guidelines and MAS Cyber Hygiene Notice.

Responsible for establishing metrics to measure the cyber hygiene awareness levels of our people, including Board, Senior Management, staff, distribution force and third-party service providers.

Explore innovative learning solutions to inculcate a more people-centric, people-led security awareness culture.

Continuously uphold and uplift the branding of ISG and confidence in our security capabilities through robust communication, security capabilities advisory and partnership with various business functions.

Research and facilitate creative automation of ISG processes to upscale the team\xe2\x80\x99s productivity and enable resource channeling to higher value initiatives.

WHAT YOU\xe2\x80\x99LL BE DOING:

• 
  This role includes responsibilities of managing 2 team members and overseeing operations, subsidiaries, assigned POA over specific matters and/or other appointments such as Data Protection Officer.
• 
  Maintain an oversight of the information security capabilities of all groups of target stakeholders in the four entities in scope (i.e. Board members, EXCO/Senior Management, staff, agents, Tech staff, contract personnel, agents and third party service providers).
• 
  Establish security capabilities and awareness requirements through detailed gap analysis from various channels, such as interviews, past phishing exercise results and e-learning coverage.
• 
  Work with global Information Security function to manage the phishing exercises for staff and apply the rewards and consequence management based on the results of each exercise.
• 
  Drive the phishing exercises for our retail distribution force, working with Tied Distribution management to apply the rewards and consequence management based on the results of each exercise.
• 
  Lead the planning and execution of cyber security training initiatives for the Board of Directors and Senior Management.
• 
  Work with the other ISG functions to create topical security awareness modules and training, such as for TPSA, Incident Management, Risk Registry, etc.
• 
  Oversee the delivery of security awareness for third party service providers with critical and high risk to AIA Singapore.
• 
  Lead impactful security campaigns to foster a high level of partnership and cyber hygiene knowledge of stakeholders such as staff and agents.
• 
  Establish qualitative or quantitative metrics to measure the cyber hygiene awareness levels (e.g phish-prone levels) of staff and business functions.
• 
  Perform regular analysis on such metrics to identify common security capabilities gaps and determine effective risk treatment solutions needed to bring down the People risk.
• 
  Manage the delivery of regular secure coding training, with gamification approaches, to elevate the attention and skillset of our IT teams/developers in the area of application security.
• 
  Explore in-house development or existing solutions with security competency vendors to gamify the security learning experience for all stakeholders to achieve a people-centric, people led security awareness programme.
• 
  Work with respective process owners to innovate existing BAU operations such as follow up reporting and escalations through automated controls.
• 
  Manage partnership with various business functions and Risk teams to foster harmonious relationships, which would be vital in breeding a highly positive risk and security awareness culture across the four entities.
• 
  Level and type of budgetary or financial control of the position.
• 
  Responsible for budget of Information Security and Governance unit.
• 
  Other quantitative / qualitative measures, e.g. time, quality, feedback, etc., that are tied to the objective of the area of responsibilities:
• 
  Downward trend in cyber security incidents and data privacy related incidents arising from improved security capabilities amongst stakeholders.
• 
  High take up rate and good response from stakeholders for post-transformed security awareness programme, in terms of security awareness solutions delivered.
• 
  Increased proportion of staff and agents recorded as reporting the simulated phishing emails during the regular phishing/social engineering exercises.
• 
  Improved productivity from ISG BAU services through completion of process automation initiatives.

• 
  Bachelor\xe2\x80\x99s degree of Computer Science, Computer Engineering, or other related degrees.
• 
  Information Systems Security professional certifications, such as CISSP, CISA, CRISC, CISM.
• 
  Minimum 8 years of experience with at least 5 years\xe2\x80\x99 of experience driving security awareness programmes for companies or in major tech firms or regulated organization (e.g. Government, FIs).
• 
  Good conceptual knowledge of cybersecurity threats and processes.
• 
  Highly driven professional passionate in the world of cyber security and keenness to share knowledge to the wider audience in this area.
• 
  Hands-on experience in security awareness tools and solutions is a requirement.
• 
  Candidates who had undergone successful attempts at transforming processes through automation techniques, data analysis or predictive modelling such as RPA, GAI, Data Analytic or ML.
• 
  A team-player taking ownership and helping colleagues.
• 
  Excellent Analytical, Coordination and Interpersonal Skills.
• 
  Good communication skills and the communication network of the incumbent is expected to be internally within Technology Department (15%) and Enterprise Risk Management, Compliance, Internal Audit (10%) and external with Vendors and Service Providers (15%), Business Departments (40%), Senior Management and Sub-Committees (10%) and Group Technology and Group Information Security (10%)