Position Objective:

The role will provide IT security testing and validation support to Group Office initiatives and across Technology functions in 18 business units to ensure secure delivery and operation of IT infrastructure, applications, and services.  The individual is expected to run the daily operations ensure IT services are scanned and tested, vulnerabilities remediated, and reporting on vulnerabilities, remediation, and testing metrics.

Roles & Responsibilities:

• Manage security testing tools for vulnerability scanning and assessing AIA IT infrastructure and applications
• Execute security scanning on AIA IT resources on-prem and in the cloud
• Liaise with local business units on security testing procedures, reporting, and provide assistance with remediation and re-test
• Support integration and automation of security testing tools with scripts, CI/CD pipelines, cloud services, and other security technologies
• Provide advisory on IT vulnerabilities, risk assessment, and appropriate remediation actions
• Ensure adherence and compliance to the vulnerability management policies and standards

• Provide regular reports on security testing metrics

Requirements:

• Experience
• Over 5 years of relevant experience, preferred to be gained from financial services industries
• Prior experience in infrastructure security, application security, cloud security, and container security
• Familiar with security testing procedures, security scanning tools, vulnerability and compliance management.  Penetration testing is especially beneficial
• Relevant experience with security benchmarks, such as CIS, OWASP, SANS, etc.
• span>
• Education & Certification
• Degree holder in Computer Science or related discipline
• Information Security related certifications desirable e.g. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk & Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT)
• span>
• Special skills
• Good communication and interpersonal skills
• Attention to detail and ability to report on key activities and status
• Initiative to drive assigned tasks to completion
• Proficient in both spoken and written English

友邦資訊科技(廣州)有限公司由友邦保險有限公司獨資興辦。公司宗旨是為友邦保險集團屬下全球的業(yè)務單位提供軟件開發(fā)、維護、管理及業(yè)務外包等服務。

公司秉承以客戶為中心的服務理念，不懈地進行有效的持續(xù)改進工程，務求成為友邦保險集團內一流的信息技術和企業(yè)營運中心,為客戶提供高素質的服務和解決方案。公司的業(yè)務主要包括：開發(fā)及維護保險軟件及辦公室自動化、商務外包服務、架構支持（包括數(shù)據中心服務）、產品及工具開發(fā)。