Job Description
This role provides end‑to‑end local Information Security support to Group Information Security Managed Marketed. (Predominantly for AIA Sri Lanka), operating from ITM Malaysia.
The position acts as the primary local Information Security contact for SL business and IT stakeholders, ensuring security assessments, risk management, IAM activities, cyber security operations, audit support, reporting, and security awareness are executed in alignment with Group Information Security (GIS) standards.
Key Responsibilities:
Security Assessments & Risk
- Act as assessor for SAS (Security Assessment Services) for IT engagements in AIA SL. (Perform threat Modelling - coordinating and support security scans)
- Coordinate TPSA assessments, Initial TPM risk reviews and endorsement for approval, issue follow‑ups, and eGRC (exception management) updates.
- Review and endorse change Risk Assessments for CAB security clearance.
BAU Information Security Support
- Support GIS initiatives and security changes to be successfully rolled out within the BU.
- Act as the primary Information Security contact point for SL business and IT users.
- Support Security KRI tracking, escalations, and non‑compliance follow‑ups.
IAM
- Coordinate and execute local application access recertification.
- Support and follow up on Group information security managed recertifications to ensure timely completion.
Cyber Security Operations
- Support Security alert and incident coordination to ensure that security alerts are acted upon timely.
- Design and run quarterly phishing simulations. Agency staff in AIA SL.
- Coordinate WAF changes and change management activities.
Support Audit & Reporting
- Initial review of exceptions raised by the Local BU stakeholders.
- Act as first contact for IT audits and support on coordinating the audit related activities with respective stakeholders.
- Preparing required reports periodically for the stakeholders.
Awareness & Training
- Support new joiner security trainings.
- Conduct ad‑hoc security awareness sessions for IT and business users as and when required with the changes in the Security standards.
- Follow up and escalate mandatory training non‑compliance.
Skills and Requirements
- Information Security Risk Management and Application security risk assessment.
- Strong coordination, stakeholder management skills.
- Ability to operate independently as a local BU security focal point.
- Strong AI adoption, data analysis, and automation skills using enterprise productivity and collaboration platforms.
- Fluent in English and proficient in Sinhala (required to support AIA Sri Lanka stakeholders).
- Minimum 5 years of experience in Information Security, Cyber Security, Risk, Governance, or related domains.
- Professional security certifications such as CISM, CISSP (or equivalent) will be an added advantage.
