At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we're now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone. If you believe in developing a better tomorrow, read on. About the Role
You will be responsible for the overall Cyber Security Operations (including IAM/EDR/DLP etc.), security posture (VMS, regular IVA, EVA and WAS) and baselines governance of AIA Singapore and local/group security projects deliverables.
Serve as the primary contact to any cyber security incident within the Department for AIASG and to perform vital functions in identifying, mitigating, reviewing, documenting, and reporting findings to management, run IMT meetings and evaluate potential information security risks and ensures their corresponding risk exposures are appropriately addressed such that the company's image and value are protected. Enhance our cyber security readiness for cyber security incidents and uplift our capabilities to tackle the future emerging cyber risks. WHAT YOU'LL BE DOING:
WE ARE LOOKING FOR SOMEONE WITH | YOU WILL HAVE:
- This role includes responsibilities of managing 3 team members and overseeing operations, subsidiaries, assigned POA over specific matters and/or other appointments such as Data Protection Officer
- Maintain an oversight of all the alerts from FINTECH, MASNET, Group Cyber SOC for AIASG and provide support to incident response personnel to ensure all deliverables are met within SLAs.
- Maintain an oversight of related security posture and baseline and ensure related vulnerabilities are remediated timely as per established standard to minimize risk exposures.
- Drive local security projects and group security project facilitation.
- Develop and maintain local incident response playbooks and other detection/response related standard operating procedures to ensure compliant to the MAS regulations.
- Act for the incident response action approval chain and support any incident response obligation for third parties.
- Respond to computer security incidents according to established response processes, leverages subject matter expertise where established processes do not exist.
- Acts as a subject matter expert regarding CSIRT incident response processes from local perspective.
- Provides guidance to other stakeholders during the incident response process and follow & track all the remediation actions till incident closure.
- Chair local IMT (Incident Management Team) calls and keep senior management and stakeholder updates on the progress of cyber incident management.
- Identify and manage potential and actual operational issues within the incident detection/response domain and take corrective action whenever required
- Work as a liaison between the SOC Team, other departments, and upper management for AIASG and potentially local regulators
- Manage relationships with our customers' and third parties' tech incident teams and frequently interact with client management for any security incident related queries.
- Work closely with the Group SOC team to manage ongoing service delivery and onboarding of local process within the SOC alignment and compliant to the local regulations.
- Level and type of budgetary or financial control of the position, responsible for budget of Information Security and Governance unit.
- Other quantitative / qualitative measures, e.g. time, quality, feedback, etc., that are tied to the objective of the area of responsibilities.
- Downward trend in cyber security incidents and less DP incidents.
- Uplift Cyber Security process, controls and maturity level for Cyber Security Incident.
- Support for the Cyber Security score in the annual MAS CRAFT report.
- Bachelor's degree of computer science, computer engineering or other relevant degrees
- Minimum 8 years of IT experience with at least 4 years' of experience in cyber security incident handling in a regulated environment (e.g. FSI, government etc.)
- Strong knowledge of cybersecurity incident management covering identification, containment, response, recovery and reporting
- Sound knowledge of Cloud, Cyber Monitoring, Threat Hunting, and Cyber Threat Intelligence
- Natural ability to take the lead and drive the investigation of complex security issues, with strong analytical and problem-solving skills
- Self-driven professional interested in the world of cyber security
- Standby for the serious security incident during weekend or off-working hours if necessary
- Hands-on experience for the cyber security incident scenario preparation and tabletop exercise
- Technical understanding of enterprise network, various components and designs and strong understanding of Operating Systems, Applications, Databases in both on-prem and Cloud environment, how they are exploited and how to defend
- Good knowledge of conducting RCA for the incident
- Information Systems Security professional certifications, such as CISSP, CISA, CISM, CSSP or Cloud related.
- A team-player taking ownership and helping colleagues.
- Excellent Analytical, Coordination and Interpersonal Skills.
- Good communication skills and the communication network of the incumbent is expected to be internally within Technology Department (30%) and Enterprise Risk Management, Compliance, Internal Audit (15%), Business Departments (10%), Senior Management and Sub-Committees (10%),Group Technology and Group Information Security (20%) and external with Vendors and Service Providers (15%).
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.