Position Objective:

The role will provide IT security testing and validation support to Group Office initiatives and across Technology functions in 18 business units to ensure secure delivery and operation of IT infrastructure, applications, and services.  The individual is expected to run the daily operations ensure IT services are scanned and tested, vulnerabilities remediated, and reporting on vulnerabilities, remediation, and testing metrics.

Roles & Responsibilities:

• Manage security testing tools for vulnerability scanning and assessing AIA IT infrastructure and applications
• Execute security scanning on AIA IT resources on-prem and in the cloud
• Liaise with local business units on security testing procedures, reporting, and provide assistance with remediation and re-test
• Support integration and automation of security testing tools with scripts, CI/CD pipelines, cloud services, and other security technologies
• Provide advisory on IT vulnerabilities, risk assessment, and appropriate remediation actions
• Ensure adherence and compliance to the vulnerability management policies and standards

• Provide regular reports on security testing metrics

Requirements:

• Experience
• Over 5 years of relevant experience, preferred to be gained from financial services industries
• Prior experience in infrastructure security, application security, cloud security, and container security
• Familiar with security testing procedures, security scanning tools, vulnerability and compliance management.  Penetration testing is especially beneficial
• Relevant experience with security benchmarks, such as CIS, OWASP, SANS, etc.
• span>
• Education & Certification
• Degree holder in Computer Science or related discipline
• Information Security related certifications desirable e.g. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk & Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT)
• span>
• Special skills
• Good communication and interpersonal skills
• Attention to detail and ability to report on key activities and status
• Initiative to drive assigned tasks to completion
• Proficient in both spoken and written English

友邦資訊科技(廣州)有限公司由友邦保險(xiǎn)有限公司獨(dú)資興辦。公司宗旨是為友邦保險(xiǎn)集團(tuán)屬下全球的業(yè)務(wù)單位提供軟件開(kāi)發(fā)、維護(hù)、管理及業(yè)務(wù)外包等服務(wù)。

公司秉承以客戶(hù)為中心的服務(wù)理念，不懈地進(jìn)行有效的持續(xù)改進(jìn)工程，務(wù)求成為友邦保險(xiǎn)集團(tuán)內(nèi)一流的信息技術(shù)和企業(yè)營(yíng)運(yùn)中心,為客戶(hù)提供高素質(zhì)的服務(wù)和解決方案。公司的業(yè)務(wù)主要包括：開(kāi)發(fā)及維護(hù)保險(xiǎn)軟件及辦公室自動(dòng)化、商務(wù)外包服務(wù)、架構(gòu)支持（包括數(shù)據(jù)中心服務(wù)）、產(chǎn)品及工具開(kāi)發(fā)。