Bring your career aspirations to life with AIA!Seeking an experience Business Information Security manager that will work closely with the business unit (BU) technology and business leaders to drive the Information Security agenda. In this role, you will develop a deep understanding of the business in order to have information security risk-based discussions. Additionally, you will help shape/drive the operating model that could be replicated to other BU's and act as point person to provide guidance on information security topics, policies and controls.
Act as an Information Security subject matter expert/advisor and drive the development, implementation and maintenance of information security agenda for our Group Office Business Unit.
Serve as trusted advisor on risk issues related to information security and recommend actions in support of the Group business unit and Technology initiatives.
Drive and provide oversight of the end to end information security controls that mitigate risk through active engagement, thematic review, risk analysis and control deep dive in order to proactively manage and reduce the BU's residual information security risk profile.
Ensure information security standards/control compliance and reduce security risks for Group Technology through BAU assessments and cyber hygiene remediation in Group's applications portfolio.
Serve as the liaison, assess complex business and technical requirements, communicate inherent security risks and recommendation to technical/non-technical owners.
Build and deliver program/security metrics and communications to provide transparency to stakeholders, including executives.
Identify and drive continuous process improvements across security programs and services.
Drive the adoption of the IS target operating model for Group BU and assist with business support/team engagement routines.
Job Requirements :
Degree in Computer Science or related discipline.
10+ years of experience in Information security or technology control function, preferably with some PM experience in driving assessment/remediation programs.
Be able to understand complex business processes and deal well with a high degree of ambiguity.
Interact effectively with a range of business roles, from technical software developers, senior business leaders and 2/3LoD partners.
Have good analytical skills, solid business judgment and strong risk mindset to lead to the right results.
Have interpersonal skills and confidence to build a trust relationship with your stakeholders to enable you to act as a valued advisor.
Be able to translate security risks into business issues and help prioritize findings and recommendations in tune with our governance strategy.
Ability to operate with a limited level of direct supervision.
Self-starter, proactive in taking initiative to improve business processes.
