Position Objective:
The role will provide IT security testing and validation support to Group Office initiatives and across Technology functions in 18 business units to ensure secure delivery and operation of IT infrastructure, applications, and services. The individual is expected to run the daily operations ensure IT services are scanned and tested, vulnerabilities re-mediated, and reporting on vulnerabilities, remediation, and testing metrics.

Roles & Responsibilities:
? Manage security testing tools for vulnerability scanning and assessing AIA IT infrastructure and applications
? Execute security scanning on AIA IT resources on-prem and in the cloud
? Liaise with local business units on security testing procedures, reporting, and provide assistance with remediation and re-test
? Support integration and automation of security testing tools with scripts, CI/CD pipelines, cloud services, and other security technologies
? Provide advisory on IT vulnerabilities, risk assessment, and appropriate remediation actions
? Ensure adherence and compliance to the vulnerability management policies and standards
? Provide regular reports on security testing metrics 

Requirements:
? Experience
Over 5 years of relevant experience, preferred to be gained from financial services industries
Prior experience in Technology Risk Management, infrastructure security, application security, cloud security, and container security
Familiar with security scanning tools, vulnerability and compliance management, security testing procedures
Relevant experience with security benchmarks, such as CIS, OWASP, SANS, etc.

? Education & Certification
Degree holder in Computer Science or related discipline
Information Security related certifications desirable e.g. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk & Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT)

? Special skills 
Good communication and interpersonal skills
Attention to detail and ability to report on key activities and status
Initiative to drive assigned tasks to completion
Proficient in both spoken and written English

友邦资讯科技(广州)有限公司由友邦保险有限公司独资兴办。公司宗旨是为友邦保险集团属下全球的业务单位提供软件开发、维护、管理及业务外包等服务。

公司秉承以客户为中心的服务理念，不懈地进行有效的持续改进工程，务求成为友邦保险集团内一流的信息技术和企业营运中心,为客户提供高素质的服务和解决方案。公司的业务主要包括：开发及维护保险软件及办公室自动化、商务外包服务、架构支持（包括数据中心服务）、产品及工具开发。