Consultant, Technology Risk, Enterprise Risk Management

AIA SINGAPORE PRIVATE LIMITED

• Technology Risk Advice and Guidance: Provide risk, control and compliance advice to stakeholders at all levels.

• Policy and Framework Implementation: Provide support in implementing the Group/ AIAS technology risk (including AI risk) framework and policy requirements.

• Risk Profiling: Facilitate the identification and assessment of risks and controls. Facilitate regular reviews and updates to established risk profiles based on trigger events.

• Controls - Assist Technology to design, assess and measure a control environment that mitigates the risks, meets regulatory obligations, and complies with internal policies.

• Incident management - Provide guidance and support in performing incident root cause analysis and identifying control breakdowns for technology related incidents.

• Key indicator and trend analysis: Implement risk & control data analytics. Define and build KRI reporting to support effective risk reporting.

• Reporting: Provide regular reporting to Board and senior management on technology risk and security matters.

• Project Risk: Provide risk advice on major Technology and Business initiatives to ensure that Group/AIAS Security requirements are met, and the appropriate controls are implemented.

• Training and Awareness: Increase Technology Risk awareness and enhance risk culture across the organization via regular training sessions.

• Regulatory and Audit Engagements: Assist with IT related regulatory inspections and internal/external audits.

You possess a can-do attitude and exceptional communication skills for this highly visible role. You will also:

• Possess 8+ years of technology risk management experience preferably in the insurance or financial services sector with a Bachelor or Master’s degree holder in Information Technology, Risk Management or related disciplines;

• Solid understanding of current/emerging enterprise technology (eg cloud, DevOps, artificial intelligence, machine learning technologies, data science etc.) and security regulations, frameworks, standards and controls, including MAS requirements and controls.

• Experience in developing policies or establishing governance frameworks, including those related to AI risk management.

• Ideally have hands on data analytics expertise to enable deep analysis and proactive identification of emerging risk and control issues.

• Relevant certifications essential e.g. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC);

• Knowledge of relevant programming languages / tool sets such as Python, PowerBI, Office 365 etc and experience in first line technical roles such as developer, programmer, architect, software engineering, data analysts will be an advantage.