Senior Manager, Technology Risk
- Not Specified
- Hong Kong
- Permanent, Full time
- AIA International Limited.
- 19 Feb 19
AIA International Limited
About AIA Hong Kong and AIA Macau AIA Hong Kong and AIA Macau are subsidiaries of AIA Group Limited. AIA Group Limited established its operations in Hong Kong in 1931. We have more than 15,000 financial planners*, as well as an extensive network of brokerage and bancassurance partners who serve more than 1.8 million customers*. Our products range from individual life, group life, accident, medical and health, personal lines insurance to investment-linked products with numerous investment options. We are also dedicated to providing superb product solutions to meet the financial needs of high net worth customers.
* As of February 2016
Working in conjunction with other professional colleagues and specialists, the Technology Risk Manager is responsible for the development and implementation of technology risk management governance programmes with the alignment of the Group Office Technology Risk strategic direction.
The Manager is also responsible for technology disaster recovery planning and the coordination of periodic drill exercises.
Roles and Responsibilities
Technology Governance & Control
- Develop and manage technical risk governance framework & risk portfolio, which follows the Company’s IT control standards and guidelines.
- Manage and coordinate cyber security assessments include vulnerability scanning, independent penetration test on IT infrastructure and applications.
- Work with IT operation to monitor and report suspicious activities and behaviours.
- Support internal/external audit on compliance assessment and regulatory audit work.
- Manage and coordinate security incident response, handling and investigation process.
Technology Disaster Recovery Planning
- Manage the design, implementation, and communication of technology disaster recovery plans and processes that ensure the security, availability and integrity of company data, databases, information systems, and technology.
- Conduct technology Impact analysis and continuity risk assessments of critical technology assets.
- Evaluate and recommend technology recovery strategies and options, and assist with the implementation of these solutions.
- Coordinate periodic drill exercises of technology disaster recovery plans to validate adequacy of plans and training of personnel who execute them and prepare reports on the readiness for management.
Communication and Training & Awareness
- Manage and communicate with group offices, business partners, corporate clients, IT vendors and external parties on IT security matters.
- Develop plans to uplift the technology risk standard and resiliency across the organisation.
- Degree holder in Computer Science, Information Systems, or related discipline.
- Minimum of 10 years of relevant and solid experience in technology risk management and control, gained from sizable multi-national banks and insurance companies, which includes at least 2 years of technology experience knowledge to support recovery strategy design and testing.
- Preferable to have relevant Certified Business Continuity Professional CBCP certification and IT security certifications (e.g. CISA, CISM, CISSP etc.).
- Solid experience in handling with technology Audit and cybersecurity assessments against information security frameworks or standards, such as ISO 27001, PCI-DSS, etc.
- Familiar with relevant technology control requirements from different regulatory bodies of Hong Kong, such as Insurance Authority, Mandatory Provident Funds Schemes Authority, etc.
- Excellent communication (written and oral) and highly effective facilitator of cross functional teams.
- Excellent leadership and management skills and proven ability to build, manage and foster a team-oriented environment.
- Confident and trustworthy; keen to earn the respect and trust of, and inspire, others. Independent and strong self-initiative to work creatively and analytically in a problem-solving environment.
We offer an attractive remuneration package to the successful candidate. Please submit your application by clicking “Apply Now” for our processing.
All personal information provided by applicant will be treated in strict confidence and used solely for recruitment purposes. The personal information will be used strictly in accordance with AIA’s personal data policies, a copy of which will be provided upon request. It is possible that information about the applicant or the applicant’s application will be shared with AIA and its related companies. AIA will retain all applications for a period of up to 24 months after which the documents will be destroyed.