Job Description
Are you a seasoned Information Security professional with a passion for building robust governance frameworks? AIA, the leading life insurer in the Asia-Pacific region, is seeking a high-caliber Information Security Governance Consultant to join our team in Makati City. In this pivotal role, you will be the bridge between technical security operations and business objectives, ensuring that our digital landscape remains resilient against evolving threats while adhering to global regulatory standards.
You will play a vital role in architecting, implementing, and monitoring our security governance programs. We are looking for a strategic thinker who can translate complex compliance requirements into actionable security controls. If you thrive in a fast-paced, collaborative environment and are driven to protect the data of millions of customers, we want to hear from you.
Responsibilities
- Develop, maintain, and oversee the Information Security Governance, Risk, and Compliance (GRC) framework.
- Conduct comprehensive security risk assessments and provide recommendations to mitigate identified vulnerabilities.
- Monitor compliance with internal security policies and industry standards (e.g., ISO 27001, NIST, PCI-DSS).
- Facilitate cross-functional collaboration between IT, Legal, and Business units to ensure security alignment.
- Manage the lifecycle of security policies, standards, and guidelines, ensuring they remain relevant to current threats.
- Lead internal and external security audits and prepare detailed reporting for senior management.
- Provide expert guidance on security best practices during the system development lifecycle (SDLC).
Qualifications
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Minimum of 5-7 years of experience in Information Security, Risk Management, or IT Audit.
- Professional certification such as CISSP, CISM, CRISC, or CISA is highly preferred.
- Deep understanding of security frameworks (ISO 27001, NIST, COBIT) and regional data privacy regulations.
- Proven ability to communicate complex security concepts to non-technical stakeholders.
- Experience in managing risk registers and conducting threat modeling exercises.
- Strong analytical skills with a meticulous eye for detail and regulatory compliance.