At AIA we've started an exciting movement to create a healthier, more sustainable future for everyone.

If you believe in developing a better tomorrow, read on.

About the Role

The Solution Architect will drive the solution architecture and security design implementation, as well as the maintenance of robust security architecture tailored for AIA. This includes maintaining the enterprise solution architecture and security blueprint that protects AIA's digital assets, infrastructure, and data. The role ensures the safeguarding of sensitive financial information by integrating security best practices and adhering to regulatory standards such as ISO/IEC 27001, NIST, and other relevant industry regulations.
The architect will work closely with IT, application portfolio teams, development teams, and risk management to embed solution and security measures into all aspects of the technology infrastructure and the software development lifecycle, with a strong focus on a riskbased and compliancedriven approach.
As a Solution Architect, you will ensure that the solution and security architecture aligns with business objectives, regulatory requirements, and industry best practices. You will lead the application portfolio solution design, the development of security frameworks, standards, and policies, and provide expert guidance on secure design principles and risk mitigation strategies across projects and operational activities.

Roles and Responsibilities:

Solution Design & Architecture

• Design end-to-end solution architecture (application, integration, data, security, infrastructure).

• Ensure solutions are scalable, resilient, secure, and costeffective.

• Define architecture patterns, standards, and best practices.

• Produce architecture artifacts such as the Solution Architecture Document (SAD), High-Level Design (HLD), and architecture landscape diagrams.

Technology Section

• Evaluate and recommend appropriate Group-standard technologies, platforms, and tools.

• Balance buildvsbuy decisions based on business needs and longterm viability.

• Ensure alignment with enterprise standards and the target architecture.

Integration & Data Design

• Design system integrations (APIs, event-driven architectures, middleware).

• Partner with Data Architects to define data flows, data models, and data ownership.

• Ensure interoperability across systems and platforms.

Architecture Delivery & Implementation support

• Work closely with delivery teams (developers, DevOps, vendors).

• Provide design guidance and resolve technical issues during implementation.

• Ensure solutions are delivered according to Group standards and approved architecture.

Security Architecture & Design

• Lead the development and implementation of enterprise security architecture strategies, frameworks, and mitigation plans.

• Design secure systems and network architectures aligned with business objectives, regulatory requirements, and industry best practices.

• Translate business and technical requirements into robust and secure architecture solutions.

Governance & Assurance

• Own the security review process and produce security design blueprints for ARB and other governance forums.

• Provide architecture assurance in line with enterprise architecture roadmaps, standards, and security policies.

• Define and maintain security standards, guidelines, and reference architectures.

Risk Management & Compliance

• Conduct threat modelling, risk assessments, and security impact analyses for new and existing solutions.

• Stay informed on regulatory changes impacting cybersecurity within the insurance and financial services sector.

• Evaluate emerging security technologies and recommend adoption where appropriate.

Collaboration & Advisory

• Partner with solution architects, development teams, and business stakeholders to ensure secure design and implementation.

• Present security architecture and risk mitigation strategies to ARB and senior leadership.

• Provide advisory and assurance support to the Local Information Security (LIS) team during investigations of security incidents.

Documentation & Review

• Review and endorse technical documents (impact analyses, functional designs, interface agreements) from a security perspective.

• Provide input on the strategic direction of security investments and enterprise risk posture.

Leadership & Enablement

• Act as the technical subject matter expert for all security-related design decisions.

• Coach junior team members and promote security awareness across IT and business teams.

Continuous Improvement

• Identify opportunities for optimization and innovation.

• Stay updated on emerging technologies and industry trends

• Improve solution quality, performance, and operational efficiency.

Minimum Job Requirements:

• Proven experience delivering endtoend enterprise or digital solutions and security architecture design, preferably within the financial services or insurance industry.

• Bachelor's degree in Computer Science, Enterprise Solution Architecture, Cybersecurity, Engineering, or a related discipline.

• At least 6-8 years of experience in endtoend solution architecture, IT security architecture, risk management, or cybersecurity operations.

• Solid understanding of API design, microservices, and eventdriven architecture.

• Familiarity with databases, data integration, and messaging platforms.

• Strong solution design skills with the ability to produce SAD/HLD documents, architecture landscape diagrams, and architecture decisions.

• Experience applying architecture principles, patterns, and standards.

• Understanding of DevOps, CI/CD, and modern SDLC practices.

• Strong knowledge of security frameworks (e.g., ISO/IEC 27001, NIST, COBIT).

• Knowledge of cloud security architecture and platforms (Azure preferred), as well as DevSecOps practices.

• Experience in threat modelling, risk assessment, and security control implementation.

• Handson experience with security technologies such as firewalls, SIEM, IAM, DLP, and endpoint protection.

• Familiarity with regulatory requirements (e.g., PDPA, GDPR) and industry standards (e.g., PCI DSS).

• Excellent analytical, problemsolving, and decisionmaking skills.

• Experience in both Agile and Waterfall methodologies and secure software development lifecycle (SDLC) practices.

• Relevant certifications such as TOGAF, IASA, or Cloud Solution Architect certifications.

• Additional certifications such as CISSP, CISM, or SABSA are highly desirable.