Hiring.fm
AIA

Technology Risk Governance & Control, Principal

Kuala Lumpur, MY-AIA Malaysia Full time

At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.

As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.

To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.

If you believe in developing a better tomorrow, read on. 

About the Role

1. Support the implementation and ongoing management of the technology and cybersecurity risk governance framework to ensure compliance with regulatory requirements (e.g., BNM RMiT) and alignment with industry standards (NIST CSF, ISO/IEC 27001, PCI-DSS).
2. Lead and execute control assessments and risk assessments to proactively identify, evaluate, and mitigate technology and cybersecurity risks.
3. Act as a risk manager to ensure all open risk commitments are adequately tracked, managed, and remediated in a timely manner with risk owners.
4. Promote a strong security culture by supporting the development and dissemination of policies, standards, and awareness programs for employees and management.

Roles and Responsibilities:

Technology and Cybersecurity Risk Governance

  • Assist in maintaining the technology risk governance framework and supporting the achievement of relevant certifications.
  • Support compliance activities with Bank Negara Malaysia’s RMiT policy and other regulatory requirements.
  • Contribute to the development and review of IT and Cybersecurity Risk Appetite statements and governance strategies.
  • Provide governance and controls oversight for technology and cybersecurity issues and risks.
  • Support the coordination of the Information Security Working Committee and related governance forums.

 

Technology and Cybersecurity Risk Management

  • Lead and execute periodic control assessments and risk assessments, ensuring comprehensive coverage of all critical technology and cybersecurity domains.
  • Document, track, and report on risk assessment findings, ensuring clear communication of risk exposure and recommended actions to relevant stakeholders.
  • Act as the primary risk manager for open risk issues, ensuring all risk commitments are tracked, escalated where necessary, and remediated in a timely and effective manner by risk owners.
  • Prepare and report key risk metrics for management review.
  • Provide control assurance support, including facilitation of risk assessments, deviations, and mitigation plans.
  • Assist with internal and external audits, including coordination of control assessments and regulatory compliance.
  • Conduct third-party security risk assessments (TPSA) and support supply chain security risk management.
  • Track and follow up on audit findings and ensure timely closure.
  • Monitor external threat intelligence and escalate emerging risks as needed.

 

Information Technology and Cybersecurity Policies and Standards

  • Assist in reviewing, maintaining, and publishing information security policies, standards, and procedures.
  • Support the approval, training, and dissemination of security policies and practices.
  • Monitor IT department compliance with cybersecurity policies and controls.
  • Recommend updates to policies and procedures to enhance operational efficiency and regulatory alignment.

 

Cyber Training and Awareness

  • Support the development and delivery of cybersecurity awareness programs.
  • Assist in delivering targeted communication, training, and awareness initiatives for staff and management.

General Requirements:

  • Excellent verbal and written English broadly to senior both technical and none-technical audience
  • Good listening, negotiation and interpersonal skills
  • Ability to work independently and at the same time a team player

Internal (70%)

  • Regular updates to immediate supervisor on assigned tasks and progress.
  • Collaboration with IT Senior Leaders, Risk & Compliance, Internal Audit, and business stakeholders

External (30%)

  • Liaison with external auditors, regulators, and industry associations as required.

Type of Communication

  • Ensuring stakeholders adhere to IT policies, procedures, and remediation actions.
  • Facilitating agreement on risk acceptance and remediation with business and technical teams.

Minimum Job Requirements:

  • Bachelor's degree (preferably in IT) in computer science, computer engineering, information systems, or a related study, or equivalent.
  • Must have at least 8 years of relevant working experience in the managing of information and cyber security risks, FI-experienced preferable or enough work engagement in the Financial Industry.
  •  Industry-recognized professional information security certifications e.g. CISSP, CISA, CISM, CRISC, CGEIT is an added advantage.
  • Solid understanding of operations and technology including Cloud.  Direct and matured experience will be an added advantage.
  • Good understanding of the insurance business domain and its critical success factors.
  • Strong conceptual and analytical mindset supported by the ability to amass and integrate diverse information from various sources into technology and cybersecurity risk conclusions and recommendations. 
  • Strong sense of resourcefulness in sourcing data and meticulous in detail analysis besides the dexterity of learning and assimilating the multitude of disciplines in IT and Business functions.
  • Ability to develop a comprehensive understanding of AIA’s business, market, industry and relate that knowledge to identified operations- and IT-related risks
  • Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes
  • Has in depth understanding of business risk, IT Governance, Enterprise Risk Management, Information security, and local regulatory compliance requirement.
  • Must have experience with the engagement and interacting with the financial regulator (BNM).
  • Results driven with strategic qualities.
  • High degree of integrity, responsibility and ability to work with little supervision
  • Key personal and job attributes for success: -
  • (a) Focus on quality – timeliness, accuracy, completeness amid tight timelines and balancing of simultaneous priorities
  • (b) Good command of documentary skills including policy design and risk identification, assessment and management. 
  • (c) Strong communication and interpersonal skills completed by ability to engage business users in scoping requirements and with Group Office.
  • (d) Capacity to function under minimal supervision but optimal delivery
     

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.