Corporate Compliance, Principal

FIND YOUR 'BETTER' AT AIA


We don't simply believe in being 'The Best'. We believe in better - because there's no limit to how far 'better' can take us.


We believe in empowering every one of our people to find their 'better' - in the work they do, the career they build, the life they live and the difference they make. So that together we can support even more people - including our own - to live Healthier, Longer, Better Lives.



If you believe in better, we'd love to hear from you.



About the Role


Support the Associate Director, Corporate Compliance and work independently to ensure that AIAHK & Macau operates in accordance with the AIA Group policies and guidelines and local regulatory requirements in the following SME areas and towards this end, driving and overseeing implementation of compliance framework in these areas:
• Data Privacy (act as Data Privacy Specialist)
• Data Security (Compliance perspective)
• Code of Conduct
• Regulatory Development and Reporting
• Other compliance matters such as outsourcing, FATCA, CRS, G&E
• Regulatory Compliance projects assigned from time to time including PIPL, etc



Roles and Responsibilities:


Assist Data Protection Officer in carrying out the following duties:

• Develop and implement data privacy policies and procedures in accordance with applicable data protection laws and regulations.
• Monitor and assess the organization's data privacy risks and vulnerabilities, conduct regular assurance monitoring and risk assessments.
• Provide expert guidance to internal teams on data privacy best practices and ensure compliance with privacy requirements.
• Collaborate with IT and security teams to implement technical measure for data protection, encryption, and access control.
• Conduct data protection impact assessments (DPIAs) for new projects or initiatives involving the processing of personal data.
• Manage and respond to data subject access requests (DARs) and other privacy-related inquiries from individuals, law enforcements and authorities.
• Arrange and facilitate the quarterly Data Privacy and Security Committee Meeting, including agenda setting, taking minutes and following up on action items.
• Oversee the development and delivery of data privacy training and awareness programs for employees.
• Manage and maintain the privacy controls library and assess its design and operating effectiveness on a regular basis.
• Maintain up-to-date knowledge of data protection laws and regulations, keeping the organization informed of any changes that may impact data privacy practices.
• Lead incident response activities in the event of data breach, including coordinating with relevant stakeholders and regulatory authorities.
• Establish and maintain data processing agreements with third-party vendors and service providers to ensure data privacy compliance.
• Work closely with legal and compliance teams to address privacy-related contractual obligations and data transfer requirements.
• Support or lead any project or initiative assigned from time to time

Assist and support wider Corporate Compliance team in areas relating to Outsourcing, FATCA, CRS, Record Management, G&E, Code of Conduct, and etc. on the following:

• Formulate compliance policies, procedures and provide guidelines to business units and perform risk-based monitoring program in order to ensure existing and new regulatory requirements are complied with.
• Drive the implementation of assigned Compliance policies and guidelines, including perform gap analysis, monitoring progress of action plans to close the gaps and provision of training to business unit.
• Design and execute risk-based monitoring programs to test compliance with relevant Compliance policies, guidelines and local regulatory requirements and carry out the reviews within timelines as specified in the annual Compliance Plan.
• Manage incidents, any subsequent reporting in accordance to both internal reporting protocol and / or regulatory requirements, where applicable, and ensure remedial actions and preventative measures are in place.
• Identify risks and update assessment on compliance risks, controls and actions for in the Risk and Control Self-Assessment (RCSA) system.
• Provide compliance advisory support to business units to support business growth.
• Provides compliance risk assessment regarding business initiatives for areas acting as SMEs and proposes business solutions.
• Raises awareness of the business units concerning the three-line of defense risk management model.

Minimum Job Requirements:

• In-depth knowledge of data protection laws and regulations, such as PDPO, PIPL, GDPR, PDPA, or other relevant data privacy frameworks.
• Bachelor's degree in Accounting, Finance, Law or Business
• Minimum of 5 years solid working experience in the data privacy and protection laws
• Background in financial services industry focused on compliance, risk management, consulting, legal and/or internal controls is preferred
• Professional qualification in data privacy, life insurance, Compliance, Internal Audit or related disciplines is preferred
• In-depth understanding of insurance business is preferred
• Good interpersonal and communication skills and self-motivated.
• Good written and spoken communication skills in English and Chinese.
• Independent and be able to work under pressure.
• Good stakeholder management skills.
• Be organized, detail-oriented and with good problem solving skills
• High level of integrity and take ownership and accountability of results

Others:

• You are required to obtain the relevant license(s) if your job involves regulated activities

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.


You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.