At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on.
About the Role
Managing the organization’s security patching operations, ensuring timely remediation of vulnerabilities and end-of-life (EOL) software risks across all systems and platforms. This role is responsible for conducting the assessment, prioritization, and deployment coordination of security patches in alignment with threat intelligence, compliance requirements, and business risk. Additionally, this role would be also implementing various security automation initiatives, including planning, executing, and performing hands-on various security automation tooling and scripting as well as driving continuous improvement of patch management processes, collaborate with cross-functional teams, and ensure the organization maintains a strong and resilient security posture.WHAT YOU’LL BE DOING:
Security Patching (Vulnerability & EOL Management)
Manage end-to-end security patching lifecycle for systems and platforms, ensuring timely remediation of vulnerabilities and end-of-life (EOL) software components.
Collaborate with vulnerability management and infrastructure teams to assess, prioritize, and deploy patches based on risk and business impact.
Maintain and enhance security patch management processes and documentation, ensuring alignment with best practices, policies & procedures, and compliance requirements.
Coordinate and execute patch testing, deployment, and validation activities across diverse environments. Track and report patch compliance metrics, highlighting gaps and driving continuous improvement.
Explore possibilities for automation.
Serve as a subject matter expert (SME) for patching tools and technologies and provide guidance on patching strategies for legacy and modern systems.
Security Automation (Scripting, Orchestration, and Dashboard)
Design, develop, and maintain security automation scripts and workflows to streamline detection, response, and remediation processes of EOL, vulnerable components, and other dashboards development.
Implement and enhance automation playbooks for repetitive security patching processes, including analysis, triage, and deployment.
Collaborate with Incident Response Team and DevOps teams to identify automation opportunities and integrate EOL continuous remediation and improvement.
Manage and enhance various reporting dashboard based on JIRA, Power BI, and other technology stack.
Ensure automation solutions are scalable, maintainable, and aligned with security policies and standards. Additionally, to stay keep ahead with emerging technologies (especially AI security) to continuously improve automation capabilities securely.
WHAT YOU SHOULD HAVE:
University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).
Preferably a holder of one or more of the following information security qualifications or developer certifications: CEH, ECSA, or Azure/AWS/GCP certifications.
8 years of Tech experiences with at least 4-6 years of experience in cyber security area in a regulated environment (e.g. bank, insurance, fintech, etc.)
Strong knowledge of cybersecurity vulnerability management & EOL process remediation and automation, patching processes and tooling, cyber monitoring, and AI security.
Hands-on scripting with python/shell script/other scripting languages, dashboard visualization & API integration with Power BI & Power Automate, and knowledge of various source code management systems & cloud environment (such as Azure, AWS, GCP), including understanding of containers and micro-services-based architecture.
Working experience as developers or DevOps would be an added advantage.
Ability to drive the problem resolution of complex security issues, with strong analytical mindset based on data-driven approach.
Experience of the implementation of a variety of security tools and documentation of the process.
Familiarity with MAS TRM regulatory requirements.
Excellent interpersonal and communication skill, with ability to deliver the key message of “why”, “what”, and “how” certain things are needed for remediation with elaboration of the risks, severity and impact.
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.