Job Description
At AIA we’ve started an exciting movement to create a healthier, more sustainable future for everyone.
It’s about finding new ways to not only better people's lives, but to better the communities and environments we live in, encompassing our ambition of helping a billion people live Healthier, Longer, Better Lives by 2030.
And to get there, we need ambitious people who believe in playing an important part in shaping that future. People seeking unmatched career and personal growth opportunities, who are driven to work with, and learn from some of the most inspiring and supportive leaders in the business.
Sound like you? Then read on.
About The Role
The role is responsible for ensuring the implementation of, and compliance with, the Group Information Security Standard and ISMS policies, while meeting local regulatory requirements (OJK, PDP Law) and aligning with international frameworks (ISO/IEC 27001:2022, NIST CSF 2.0). The role also acts as the local focal point for security governance, risk management, incident response, and regulatory engagement.
Key responsibilities:
1) Governance, Risk & Compliance
Localize and enforce Group Information Security Standard and ISMS policies across the BU; map controls to ISO/IEC 27001:2022 Annex A (93 controls) and maintain the Statement of Applicability (SoA).
Ensure a risk management program consistent with NIST CSF 2.0 and Group governance framework, covering governance, supply‑chain risk, and measurable outcomes.
Ensure compliance with OJK Regulation No. 4/POJK.05/2021 (IT risk management for non‑bank financial institutions/insurance) and Indonesia PDP Law, reconciling any gaps between local regulations and Group standards.
Act as liaison between Group CISO Office and local BU for policy interpretation, exceptions, and risk acceptance processes.
2) Control Implementation & Assurance
Ensure technical and procedural controls are aligned to Group Information Security Standard, ISO/IEC 27001:2022 Annex A, and NIST CSF 2.0.
Coordinate with Group Security Operations team for SOC, SIEM, EDR, vulnerability management, ensuring localization for Indonesia regulatory reporting.
Support internal audits, external certification, and regulator inquiries; track remediation and risk acceptance with clear KPIs.
3) Incident Response & Business Continuity
Maintain BU incident response playbooks; ensure cross-border coordination with Group Security Operations team for escalations and evidence preservation.
Ensure BCP/DR capabilities are tested and improved to meet local resiliency and OJK expectations.
4) Third‑Party & Cloud Risk Management
Ensure risk assessments and ongoing assurance for vendors and cloud providers, consistent with Group Standard and OJK outsourcing guidance.
Ensure cloud architectures are validated against ISO 27001, NIST CSF, and Group requirements.
5) Secure Product & Data Lifecycle
Ensure security-by-design is embedded for digital insurance services; ensure compliance with OJK digital insurance regulations and Group security principles.
Oversee data classification, retention, and deletion per PDP Law and Group standards.
6) Awareness & Culture
Deliver targeted security awareness programs aligned with Group Information Security Standard, ISO, and NIST frameworks.
Provide regular risk posture and compliance updates to BU leadership and Group CISO.
Qualifications:
Bachelor’s degree in Information Security, Computer Science, or related field; advanced certifications a plus (ISO 27001 Lead Implementer/Lead Auditor, CISSP, CISM, CCSP).
5-8+ years in information security, preferably in insurance/financial services with exposure to Indonesia OJK compliance and PDP Law requirements.
Demonstrated experience implementing ISO/IEC 27001:2022 Annex A controls and operating a program mapped to NIST CSF 2.0.
Hands-on knowledge of cloud security (IaaS/PaaS/SaaS), identity & access management, SIEM/EDR, vulnerability management, and secure SDLC practices.
Fluent in English and Bahasa Indonesia (written and spoken) for effective communication with local regulators, internal teams, and Group stakeholders.
Strong presentation and reporting skills for senior management, regulators, and auditors.
Proficient in drafting policies, risk reports, incident summaries, and compliance documentation in English for Group and in Bahasa Indonesia for local regulatory needs.
Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.
You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.