Hong Kong, HK
17 days ago
Head of Technology Risk

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

It’s about finding new ways to not only better people's lives, but to better the communities and environments we live in. And we build on this every day with our ambition to engage one billion people to live Healthier, Longer, Better Lives by 2030.

And to get there, we need leaders with the courage, clarity and humanity to inspire, guide and support their teams to thrive every day - in the work they do and the life they live. Our leaders have always played, and will continue to play, a vital part in our journey to help more people live Healthier, Longer, Better Lives, build healthier societies and cultivate healthier environments that better everyone.

If you sound like that leader, read on.  

About the Role

The Head of Technology Risk will lead and oversee the professional Technology Risk colleagues and specialists and act as the second line of defence, in partnership with the business owner, to manage risks involving or affecting technology, and ensure that technology risks are appropriately identified, measured, assessed, and mitigated in the right priority.
He/She is expected to take the lead on the development and implementation of technology risk management governance programmes for the AIA Hong Kong and Macau business, which includes AIAI HK, AIAI Macau, AIA Everest, Blue Cross, U-Care and Blue Care. In addition, the role covers the optimal security implementation and the implementation of the operation model, which are in alignment with the Group Technology Risk’s strategic directions.

Roles and Responsibilities:

Implementation of Technology Risk Governance Program (50%)

- Develop and manage the technology risk governance framework and risk portfolio, in accordance with AIA Group policies and guidelines.
- Proactively identify and effectively communicate emerging technology risks and opportunities to stakeholders at all levels of the organisation.
- Conduct gap analysis on various regulatory requirements and drive programmes to bridge the gaps.
- Develop and implement the plans to uplift the technology risk standard and resiliency across the organisation.
- Collaborate with risk owners to drive the identification and assessment, management and response, monitoring, and controls of data and technology risks on key initiatives and projects.
- Champion and advocate the ownership of technology risk management, and ensure risks are understood and managed within approved risk thresholds.
- Partner with Group Office to evaluate new tech risk solutions and assess the implementation risk of the group-wide projects.
- Increase awareness and enhance risk culture across the organisation and provide day-to-day risk and control advice as a trusted 2nd line subject matter expert.

Reporting and Monitoring (as second line) (40%)

- Define and monitor relevant KRIs related to IT risks, provide regular updates to the Operational Risk Committee, and update Group Technology Risk when necessary.
- Monitor the security incident response, handling, and investigation process.
- Manage the communications with Group Office, business partners, corporate clients and other external parties on IT security matters.
- Interface and liaise with key business stakeholders (e.g. HR, PD, Customer Experience and Transformation, Health & Wellness Strategy Management, etc.) to roll out new Technology Risk initiatives and uplift the security of the business applications.
- Serve as subject expert in examining Risk Papers of key projects.
- Report regularly to senior management and relevant committees on technology risk and security matters, including developments in the organization’s technology risk profile in line with developments within and outside the organization, to ensure that the information security, cyber risks and threats are within the company’s risk tolerances.
- Lead the technology risk and control assessment and effective risk management practices, and recommend actions to be taken for execution.

Staff Development (10%)

Responsible for structuring, coaching, and developing team members to strengthen the capabilities of Technology Risk function.

Minimum Job Requirements:

- Degree holder in Computer Science, Information Systems/Security, or a related discipline.
- At least 15 years of relevant and solid experience in technology risk management and control, gained from sizable multi-national banks and insurance companies.
- Solid understanding of IT security products and solutions. Knowledge of SailPoint IIQ and CyberArk is a definite advantage.
- Subject matter expert in mobile and web application security: Authentication, Access Control, Data Encryption and Data Loss Prevention.
- Equipped with IT security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Systems Manager (CISM), Certified Information Forensic Investigator (CIFI).
- Knowledge of PCI-DSS and of implementing information security frameworks or standards, such as NIST, ISO 27001, COBIT.
- Analytical and objective; able to elaborate on, characterize, assess, and evaluate risks.
- Confident and trustworthy; keen to earn the respect and trust of, and inspire, others.
- Independent, with a strong sense of taking one's own initiative to solve problems.

Others:

You are required to obtain the relevant license if your job involves regulated activities.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.
