Third-Party Security Risk Management, Consultant

At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.

If you believe in developing a better tomorrow, read on.

About the Role

This position is responsible for overseeing the Third-Party Security Risk Management domain, providing consultation, professional advice on information security and key technology risk matters relating to the mentioned geographical responsibilities, thereby adding value to building a strong information security risk culture centered on people, processes and technology. The role will require good understanding of security requirements in the financial industry, technology risk management methodology and the ability to work cohesively with internal and external stakeholders to maintain the highest standard of security.

WHAT YOU'LL BE DOING

Third-PartySecurityRiskManagement

• Managetheprocessofassessingandevaluatingthesecurityposturesofthird- party vendors and partners. The includes monitoring of third-party security assessment renewal, assigning the renewal reviews within the team and working closely with outsourced assessors on the status of Third-Party Security Assessments (TPSAs).

• Perform due diligence and risk assessments on third party vendors, ensure their compliance to regulatory requirements as well as Group and Local policy and standards.

• Third Party Uplift Initiatives to improve the customer experiences.

• Client Security Agreement - review clients contracts clauses to ensure alignment with company's security policies and practices.

• Audit and Regulatory Management - support and responding to audit queries and to be involved in control assessment related to Risk Management.

• May be assigned to drive or support other initiative like security assessment services.

SpecializedAreasGovernance

• The role may be called upon to lead or be involved in ensuring governance of specialized areas under information security, such as cloud security, application security, etc.

• Work closely with stakeholders including Technology risk management, Risk and Compliance, Legal, Business as well as other departments within Technology.

Theroleis animportantsupportto the Senior Manager of Technology Vendor Management.

WHAT YOU SHOULD HAVE

• Universitydegreeinoneofthefollowingorrelateddisciplines(Computer Science, Computer Engineering, Information Systems, Cyber Security)

• Preferablyaholderofoneormoreofthefollowinginformationsecurityand audit qualifications: CISSP, CISA, CRISC, CCSP

• At least 8-12 years of IT experience, audit, risk management roles, with good expertise and knowledge of governance reporting of technology risk issues and cyber security

• Richworkingexperiencefromfinancialindustryispreferred

• Experience and exposure in MAS TRMG and relevant notices, information security standards and audits such as ISO27001, NIST standard, SOC2 and OSPAR will be an advantage

• StrongknowledgeofKRIsandmetricsdevelopmentforsecurityandrisk management reporting

• Project Management experience is an advantage

• GoodCommunication,CoordinationandInterpersonalSkills

• Mature-thinking,meticulous,strongproblem-solvingandanalyticaltraits

• Highdrive,energyandgoodattitudeoverteamwork

• Abilitytoworkindependently,withhighlevelsofprofessionalintegrity

• Eagerness to learn and develop one's knowledge in information securityand risk management