Ageas is a listed international insurance Group with a heritage spanning 200 years.
It offers Retail and Business customers Life and Non-Life insurance products designed to suit their specific needs today and tomorrow and is also engaged in reinsurance activities.
As one of Europe's larger insurance companies Ageas concentrates its activities in Europe and Asia which together make up the major part of the global insurance market. It operates successful insurance businesses in Belgium, the UK, France, Portugal, Turkey, China, Malaysia, India, Thailand, Vietnam, Laos, Cambodia, Singapore, and the Philippines through a combination of wholly owned subsidiaries and long-term partnerships with strong financial institutions and key distributors.
In most markets, Ageas ranks among the market leaders in the countries in which it operates. It represents a staff force of about 44,000 people and reported annual inflows close to EUR 18.5 billion in 2024 (all figures at 100%).
Shape your Career with Ageas
We’re currently looking for a high caliber professional to join Ageas Asia as IT Security Governance, Risk and Compliance Analyst, based in our Hong Kong Regional Office. The job holder will be reporting hierarchically to the Director, IT & Security, Asia.
In this role you’re expected to:
This role focuses on managing audit findings, coordinating remediation efforts, and enhancing regional office organization’s security awareness program. The ideal candidate is detail-oriented and proactive, serving as a key bridge between technical security teams, auditors, and business stakeholders. A strong understanding of Azure and M365 security controls is essential. The role also oversees the effectiveness of security measures implemented by the regional office’s outsourced IT service provider.
Governance, Risk & Controls
- Main contact for internal and external IT/security audits.
- Prepare and manage audit documentation and evidence.
- Coordinate audit activities and responses.
- Track and resolve audit findings.
- Lead ISO 27001 certification and ongoing compliance.
- Ensure controls meet Group, NIST, GDPR, and regulatory standards.
- Maintain risk registers and support risk assessments.
- Help teams identify and manage security risks.
- Promote security policy awareness across departments.
- Develop and maintain security policies and procedures.
- Manage security awareness programs and phishing simulations.
- Create training and communication materials on security topics.
Azure/M365 Security
- Review and manage Azure/M365 security settings.
- Assess security controls from external IT providers.
- Conduct regular risk assessments and manage mitigation plans.
- Maintain security documentation for Azure/M365.
- Monitor and respond to security incidents.
Security Operations
- Support incident response and investigations.
- Review SOC provider’s threat detection capabilities.
- Build and manage security automation tools.
- Stay updated on security threats and vulnerabilities.
As a successful candidate you’d ideally have the following skills and exposure:
Academic Requirement
- Bachelor's degree in Information Security, Computer Science, or related field
- 5+ years of experience in information security, security governance, risk, and compliance
- Strong understanding of security frameworks and standards (ISO 27001, NIST CSF, SOC 2, etc.)
- Professional certifications preferred (CGEIT, CRISC, CISA or equivalent)
- Experience in insurance industries and its regulatory requirements.
- Proficiency in Microsoft 365 security services, including Defender for Office 365, Intune, and DLP.
- Relevant certifications (e.g., Azure Security Engineer Associate, Microsoft 365 Security Administrator Associate, CompTIA Security+) are highly desirable.
Soft Skills:
- Strong verbal and written communication abilities
- Excellent communication skills, with ability to translate technical concepts to non-technical audiences.
- Patient and customer-focused approach.
- Adaptable to changing technology landscapes.
- Ability to work independently and in a team environment.
- Ability to translate technical risks into business impacts.
Preferred Skills:
- Proven experience managing an ISO 27001-certified ISMS.
- Experience managing the remediation of security findings from audits or assessments.
- Experience developing or delivering security awareness programs.
- Experience with cloud security compliance frameworks.
- Experience with security information and event management (SIEM) systems.
- Knowledge with vulnerability scanning and penetration testing.
- Knowledge of Zero Trust architecture.
- Risk-based thinking, analytical mindset, and attention to detail.
Ageas values your talent and knows how to reward it. We offer you an attractive salary and fringe benefits. You will work in a stimulating international environment with numerous opportunities for personal development. You will work independently within a global dynamic team in agile ways (start-up spirit).
Take the next step in your career, apply for this role at Ageas today
Click on the “” button to submit your application.
Application through internal referral
If you would like to refer any qualified individuals, who are interested in this position, please advise them to click on the “” button to submit his/her application. Referees should indicate the name and department of the referrer on their resumes. Shortlisted candidates would be notified for an interview.
Diversity, Equity and Inclusion
Ageas is an equal opportunity and affirmative action employer. Inclusion and Diversity are an essential part of Ageas’ values and company culture. We foster a working environment where everyone feels they belong, collaborates to achieve our common ambitions, and is recognized for their contribution. Ageas encourages its people to think and act differently, to speak up, to be themselves and to contribute their individual skills. Ageas strives to create a truly inclusive company – attracting the most talented people and offering them an environment where they can grow their full potential. For Ageas, diversity and inclusion is a business imperative, providing us with the foundation to achieve sustainable business results across different markets.
