At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we're now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on.
About The Role
This position enhances the organisation's cybersecurity posture by driving penetration testing activities and strengthening vulnerability management capabilities. The role is responsible for identifying, validating, and tracking security weaknesses through structured assessments, coordinated testing, and continuous monitoring. It supports threatdriven analysis, remediation planning, and riskbased reporting to ensure timely closure of vulnerabilities.
Roles And Responsibilities
Application Security & Vulnerability Management
- Participate in vulnerability scans and coordinate followup activities to ensure timely remediation by the respective system owners.
- Assist in documenting vulnerability risk assessments, mitigation plans, and remediation status tracking.
- Support secure code review processes, including coordinating with developers and documenting identified issues.
- Provide support for data protection assessments and secure development activities within the SDLC.
- Coordinate and manage the scheduling of penetration testing activities, ensuring proper planning, prioritisation, and alignment with project timelines and business requirements.
- Support endtoend documentation, preparation, and coordination for penetration testing engagements, including scope definition, test plan validation, and closure reporting.
- Assess security controls and compliance within the SDLC, ensuring security requirements are embedded early and consistently across project phases.
Vendor & Procurement Management
- Manage designated penetration testing and security assessment vendors, ensuring quality delivery, adherence to scope, and timely submission of reports.
- Oversee the procurement process for security testing services, including preparing requirements, evaluating proposals, completing vendor onboarding documentation, and coordinating with Procurement and Finance for approvals.
- Monitor vendor performance, service quality, and contract compliance, providing feedback and driving improvements where needed.
Audit & Compliance
- Prepare, organise, and maintain documentation required for internal audits, external audits, and regulatory cybersecurity reviews.
- Support evidence gathering, compliance validation, and tracking of audit observations related to application security, penetration testing, and vulnerability management.
Minimum Job Requirements
- Bachelor's degree in Computer Science, Information Systems, or a related field.
- 13 years of experience in Application Security, Cybersecurity, or related domains.
- Foundational knowledge of cybersecurity principles, tools, and frameworks, including but not limited to OWASP, NIST, ISO/IEC 27001, CIS Controls, MITRE ATT&CK, COBIT, and ITIL. Familiarity with vulnerability scanners, penetration testing tools, and secure coding platforms is advantageous.
- Strong analytical and documentation skills.
- Good communication and teamwork abilities.
- Industry certifications (e.g., CompTIA Security+, ISO 27001, or equivalent) are an advantage.
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date. 
