IT, Risk & Security Manager - Aviva Asia - Singapore
Job description
Strategic
Responsible for promoting an environment where a risk management culture can flourish.
Ensure on-going integration of Information Security with business strategies and requirements.
Assist Director of IT Risk & Security in ensuring relevant BP and IT controls are implemented as part of Business BAU activities for Asia Pacific BUs, which includes advisory and assistance on such activities.
Governance
Ensure key risks have been identified, measured, monitored, managed and reported.
Ensure appropriate levels of risk skills and experience within the team to support consistent risk management practices.
Perform and complete relevant annual IT/BP minimum controls.
Implement, manage and enforce security requirements provided by Group BP and local regulators (MAS).
Co-ordinate IT Audits and conduct periodic security compliance checks (e.g. Clear Desk, Security Awareness Training).
Assist in the preparation of SG/HK/MY IT risk reports and regional consolidated reports.
Provide oversight and governance of IT/BP Policy requirements for the region.
Operational
Create and maintain a risk management environment that ensures risks taken by the function are identified, assessed and frequently monitored, managed and reported against.
Support in embedding Aviva’s risk management systems and processes with appropriate resources and robust risk management information systems in place and actively used.
Aviva BP/IT policy set implemented effectively, driving appropriate risk mitigation activity.
Co-ordinate and manage the annual IT & BP minimum controls review and documentation.
Co-ordinate with various departments in APRO to ensure business continuity programme is reviewed, updated and tested annually.
Provide IT security guidance and share best practices with regional counterparts.
Ensure Information Security Risk assessments are carried out for relevant projects/activities.
Provide Security services and operations for the Singapore shared services.
Desired Skills and Experience
QUALIFICATIONS
Professional qualifications: CISSP, CISA, CIMA preferred, with good understanding of ISO 27000 and COBIT.
SKILLS/KNOWLEDGE
Strong technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.).
EXPERIENCE
Experienced in management of both physical and logical information security systems, minimum 8 years, with 3 years in managerial position.
Source:
Aaren