Role: Security Engineer
Role & Responsibilities:
Technology and Cybersecurity Risk Governance
- Assist in maintaining the technology risk governance framework and supporting the achievement of relevant certifications.
- Support compliance activities with Bank Negara Malaysia's RMiT policy and other regulatory requirements.
- Contribute to the development and review of IT and Cybersecurity Risk Appetite statements and governance strategies.
- Provide governance and controls oversight for technology and cybersecurity issues and risks.
- Support the coordination of the Information Security Working Committee and related governance forums.
Technology and Cybersecurity Risk Management
- Lead and execute periodic control assessments and risk assessments, ensuring comprehensive coverage of all critical technology and cybersecurity domains.
- Document, track, and report on risk assessment findings, ensuring clear communication of risk exposure and recommended actions to relevant stakeholders.
- Act as the primary risk manager for open risk issues, ensuring all risk commitments are tracked, escalated where necessary, and remediated in a timely and effective manner by risk owners.
- Prepare and report key risk metrics for management review.
- Provide control assurance support, including facilitation of risk assessments, deviations, and mitigation plans.
- Assist with internal and external audits, including coordination of control assessments and regulatory compliance.
- Conduct third-party security risk assessments (TPSA) and support supply chain security risk management.
- Track and follow up on audit findings and ensure timely closure.
- Monitor external threat intelligence and escalate emerging risks as needed.
Information Technology and Cybersecurity Policies and Standards
- Assist in reviewing, maintaining, and publishing information security policies, standards, and procedures.
- Support the approval, training, and dissemination of security policies and practices.
- Monitor IT department compliance with cybersecurity policies and controls.
- Recommend updates to policies and procedures to enhance operational efficiency and regulatory alignment.
Requirements:
- Excellent verbal and written English broadly to senior both technical and none-technical audience
- Good listening, negotiation and interpersonal skills
- Ability to work independently and at the same time a team player
- Bachelor's degree (preferably in IT) in computer science, computer engineering, information systems, or a related study, or equivalent.
- Must have at least 8 years of relevant working experience in the managing of information and cyber security risks, FI-experienced preferable or enough work engagement in the Financial Industry.
- Industry-recognized professional information security certifications e.g. CISSP, CISA, CISM, CRISC, CGEIT is an added advantage.
- Solid understanding of operations and technology including Cloud. Direct and matured experience will be an added advantage.
- Good understanding of the insurance business domain and its critical success factors.
- Strong conceptual and analytical mindset supported by the ability to amass and integrate diverse information from various sources into technology and cybersecurity risk conclusions and recommendations.
- Strong sense of resourcefulness in sourcing data and meticulous in detail analysis besides the dexterity of learning and assimilating the multitude of disciplines in IT and Business functions.
- Ability to develop a comprehensive understanding of AIA's business, market, industry and relate that knowledge to identified operations- and IT-related risks
- Knowledge necessary to propose relevant IT responses to changing business risks and regulatory changes
- Has in depth understanding of business risk, IT Governance, Enterprise Risk Management, Information security, and local regulatory compliance requirement.
- Must have experience with the engagement and interacting with the financial regulator (BNM).
- Results driven with strategic qualities.
- High degree of integrity, responsibility and ability to work with little supervision
