AIA Digital+ is a Technology, Digital and Analytics innovation hub dedicated to powering AIA to be more efficient, connected and innovative as it fulfils its Purpose to help millions of people across Asia-Pacific live Healthier, Longer, Better Lives.

If you are hungry and driven to play an active role in shaping a better tomorrow, we want to hear from you. Because the work we do at AIA Digital+ makes a difference in the lives of millions of people, every day. We will equip you with the critical skills, tools and technology, and endless opportunities to learn, contribute and thrive in a dynamic and exciting environment.

If you want to shape a brighter future at AIA Digital+, please read on.

About the Role

This role provides end‑to‑end local Information Security support to Group Information Security Managed Marketed. (Predominantly for AIA Sri Lanka), operating from ITM Malaysia.
The position acts as the primary local Information Security contact for SL business and IT stakeholders, ensuring security assessments, risk management, IAM activities, cyber security operations, governance, audit support, reporting, and security awareness are executed in alignment with Group Information Security (GIS) standards.

Key Responsibilities:

Security Assessments & Risk

• Act as assessor for all SAS (Security Assessment Services) for IT engagements in AIA SL. (Perform threat Modelling - coordinating and support security scans )
• Coordinate TPSA assessments, Initial TPM risk reviews and endorsement for approval, issue follow‑ups, and eGRC (exception management) updates.
• Review and endorse Change Risk Assessments for CAB security clearance.

BAU Information Security Support

• Support GIS initiatives and security changes to be successfully rolled out within the BU.
• Act as the primary Information Security contact for SL business and IT users.
• Support Security KRI tracking, escalations, and non‑compliance follow‑ups.

IAM

• Coordinate and execute local application access recertification.
• Support and follow up on Group information security managed recertifications to ensure timely completion.

Cyber Security Operations

• Design and run quarterly phishing simulations. Agency staff in AIA SL.
• Coordinate WAF changes and change management activities.
• Support Security alert andincident coordination to ensure that security alerts are acted upon timely.

Support Audit & Reporting

• Initial review ofexceptions raised by the Local BU stakeholders.
• Act as first contact for IT audits and support on coordinating the audit related activities with respective stakeholders.
• Preparing required reports periodically for the stakeholders.

Awareness & Training

• Follow up and escalate mandatory training non‑compliance.
• Support new joiner security training.
• Conduct ad‑hoc security awareness sessions for IT and business users as and when required with the changes in the Security standards.

Skills and Requirements

• Information Security Risk Management, Application security risk assessment.
• Strong coordination, stakeholder management skills.
• Ability to operate independently as a local BU security focal point.
• Strong AI adoption, data analysis, and automation skills using enterprise productivity and collaboration platforms.
• Fluent in English and proficient in Sinhala (required to support AIA Sri Lanka stakeholders).
• Bachelor's degree in Information Security, Computer Science, Information Technology, or a related discipline.
• Minimum 5 years of experience in Information Security, Cyber Security, Risk, Governance, or related domains.
• Professional security certifications such as CISM, CISSP (or equivalent) will be an added advantage.