At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
As pioneering innovators for over 100 years, we’re now transforming our organisation to be faster, simpler and more connected. Because we want to be even better equipped to develop digital solutions and experiences that help more people live Healthier, Longer, Better Lives.
To get there, we need people with tech/digital/analytics expertise and passion to help develop positive, sustainable change through digitally enhanced experiences that will impact the lives of millions of people and create a healthier future for everyone.
If you believe in developing a better tomorrow, read on.
About the Role
This position enhances the organisation’s cybersecurity posture by driving penetration testing activities and strengthening vulnerability management capabilities. The role is responsible for identifying, validating, and tracking security weaknesses through structured assessments, coordinated testing, and continuous monitoring. It supports threat‑driven analysis, remediation planning, and risk‑based reporting to ensure timely closure of vulnerabilities.
Roles and Responsibilities
Application Security & Vulnerability Management
Participate in vulnerability scans and coordinate follow‑up activities to ensure timely remediation by the respective system owners.
Assist in documenting vulnerability risk assessments, mitigation plans, and remediation status tracking.
Support secure code review processes, including coordinating with developers and documenting identified issues.
Provide support for data protection assessments and secure development activities within the SDLC.
Coordinate and manage the scheduling of penetration testing activities, ensuring proper planning, prioritisation, and alignment with project timelines and business requirements.
Support end‑to‑end documentation, preparation, and coordination for penetration testing engagements, including scope definition, test plan validation, and closure reporting.
Assess security controls and compliance within the SDLC, ensuring security requirements are embedded early and consistently across project phases.
Vendor & Procurement Management
Manage designated penetration testing and security assessment vendors, ensuring quality delivery, adherence to scope, and timely submission of reports.
Oversee the procurement process for security testing services, including preparing requirements, evaluating proposals, completing vendor onboarding documentation, and coordinating with Procurement and Finance for approvals.
Monitor vendor performance, service quality, and contract compliance, providing feedback and driving improvements where needed.
Audit & Compliance
Prepare, organise, and maintain documentation required for internal audits, external audits, and regulatory cybersecurity reviews.
Support evidence gathering, compliance validation, and tracking of audit observations related to application security, penetration testing, and vulnerability management.
Minimum Job Requirements
Bachelor’s degree in Computer Science, Information Systems, or a related field.
1–3 years of experience in Application Security, Cybersecurity, or related domains.
Foundational knowledge of cybersecurity principles, tools, and frameworks, including but not limited to OWASP, NIST, ISO/IEC 27001, CIS Controls, MITRE ATT&CK, COBIT, and ITIL.
Familiarity with vulnerability scanners, penetration testing tools, and secure coding platforms is advantageous.
Strong analytical and documentation skills.
Good communication and teamwork abilities.
Industry certifications (e.g., CompTIA Security+, ISO 27001, or equivalent) are an advantage.
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.
AIA Group Limited and its subsidiaries (collectively “AIA” or the “Group”) comprise the largest independent publicly listed pan-Asian life insurance group. It has a presence in 18 markets – wholly-owned branches and subsidiaries in Mainland China, Hong Kong SAR(1), Thailand, Singapore, Malaysia, Australia, Cambodia, Indonesia, Myanmar, New Zealand, the Philippines, South Korea, Sri Lanka, Taiwan (China), Vietnam, Brunei and Macau SAR(2), and a 49 per cent joint venture in India. In addition, AIA has a 24.99 per cent shareholding in China Post Life Insurance Co., Ltd.
The business that is now AIA was first established in Shanghai more than a century ago in 1919. It is a market leader in Asia (ex-Japan) based on life insurance premiums and holds leading positions across the majority of its markets. It had total assets of US$328 billion as of 30 June 2025.
AIA meets the long-term savings and protection needs of individuals by offering a range of products and services including life insurance, accident and health insurance and savings plans. The Group also provides employee benefits, credit life and pension services to corporate clients. Through an extensive network of agents, partners and employees across Asia, AIA serves the holders of more than 43 million individual policies and over 16 million participating members of group insurance schemes.
AIA Group Limited is listed on the Main Board of The Stock Exchange of Hong Kong Limited under the stock codes “1299” for HKD counter and “81299” for RMB counter with American Depositary Receipts (Level 1) traded on the over-the-counter market under the ticker symbol “AAGIY”.
(1) Hong Kong SAR refers to the Hong Kong Special Administrative Region.
(2) Macau SAR refers to the Macau Special Administrative Region.
