PURPOSE OF THE ROLE
Implement a BCM programme to ensure that all areas of Aviva can recover and continue their critical business processes in the event of a significant disruption.
Ensure that all aspects of Business Protection (“BP”) including Information Security, data protection and Business Continuity Management (BCM) comply with the Group BP standard and local regulations (including MAS TRM Guidelines, MAS Outsourcing Notices and Guidelines, MAS BCM Guidelines).
Ensure business as usual activities for BP are performed, reported, monitored and reviewed / updated.
Maintain BP related controls on Information Security, Physical Security and BCM.
Perform Due Diligence on BP and BCP aspects for outsourcing contracts.
Develop and implement a robust BCM programme.
Roll out a training / education programme to fully embed Business Continuity and Security Awareness in the company’s culture.
Responsible for promoting an environment where a risk management culture can flourish.
Implement an appropriate BCM methodology and procedures (including Risk Assessment, Business Impact Analysis, Crisis Management/Business Continuity documentation, testing and awareness training) in accordance with the Group BP standard and local regulations.
Provide business continuity and data protection inputs into Aviva’s projects and processes.
Implement information security and data protection in accordance with the Group BP standard (including awareness and audit of Aviva’s working environment).
Create and maintain a risk management environment that ensures risks taken by the function are identified, assessed and frequently monitored, managed and reported against.
Implement a Data Loss Prevention tool to monitor outgoing confidential information sent from staff laptops/PCs and email accounts.
Assist in investigation and resolution of security issues.
Assist with department’s reporting to Group and senior leadership team.
Effective Risk Management/Governance
Member of the Incident Management Team in the event of a major Business Continuity or Disaster Recovery incident or crisis.
Ensure effective BP related controls and processes on Information Security, data protection and BCM are in place across business areas to ensure compliance to Group BP standard and local regulations.
Conduct regular clear desk checks and ensure adequate processes and controls are in place so that information security meets the standards set by the Company.
Ensure the Information Security and BCM documents are reviewed at least annually or where applicable, to ensure they comply with the Group’s standards and regulations.
Established BCM framework and requirements are embedded within business processes for effective recovery of critical business operations in the event of significant disruption and compliance with MAS BCM guidelines.
Effective BP related controls on Information Security, data protection and BCM are in place across business areas to ensure compliance to Group standard and local regulations.
Data Loss Prevention tool is implemented to mitigate risk of loss of confidential data.
Fair Dealing Outcome
Ensure full understanding of Fair Dealing Outcomes and one’s own accountability in delivering these outcomes as applicable to the role.
Operational Risks and Controls
Identify, own and manage key risks and controls relevant to your role, including where you have been identified as the owner or nominee in iCARE.
Maintain appropriate records and ensure that controls are well designed and operating effectively to keep the risks that they mitigate within Aviva's tolerance level.
Report and escalate the status of the relevant risks and controls as appropriate.
Responsible for compliance with applicable laws and regulations (including personal regulatory accountabilities in relation to fitness and propriety), and relevant Aviva’s Business Standards.
Ensure that new regulatory requirements impacting the department/function are implemented, and an effective process is in place for regulatory consultations to be reviewed and analysed by subject matter experts.
Undertake regular self-assessments of the effectiveness of controls using tools such as regulatory obligations mapping to confirm compliance.
Ensure that potential control gaps, failures or breaches that could or have already resulted in a regulatory breach are escalated in accordance with issued guidelines.
University degree or equivalent preferred.
Member of the Business Continuity Institute preferred but not essential.
Good knowledge of the principles surrounding Business Protection, Data Protection, Business Continuity Planning and Disaster Recovery.
Good knowledge of the Insurance operations.
Good understanding of information security risks and controls.
Good communication skills – written, oral and presentation.
Good project management skills.
Proficient in the use of all Microsoft Office applications.
Ability to work independently and willing to take on new challenges.
Flexible and adaptable.
At least 5-7 years’ experience in business continuity planning/management and/or risk management in the financial services industry, preferably in the insurance sector.
Experience in information security will be an added advantage.