
Associate Director, Data Privacy & AI Governance Programme

AIA
1 day ago
Full-time
On-site
Hong Kong, China
AI Governance, Associate

FIND YOUR 'BETTER' AT AIA

We don’t simply believe in being ‘The Best’. We believe in better - because there’s no limit to how far ‘better’ can take us.

We believe in empowering every one of our people to find their 'better' - in the work they do, the career they build, the life they live and the difference they make. So that together we can support even more people - including our own - to live Healthier, Longer, Better Lives.

If you believe in better, we’d love to hear from you.

About the Role

The position is responsible for: (i) managing the AIA Group Data Privacy Policy and the AIA Group Records Management Standard; (ii) ensuring appropriate oversight and adherence to data privacy, records management, and AI governance standards across the organization; (iii) conducting privacy impact assessments for Group Office initiatives and risk assessments for AI use cases where personal data risks are present; (iv) driving and undertaking key projects and initiatives for data privacy, records management, and related AI governance; and (v) undertaking independent reviews and assurance across adoption of data privacy standard requirements, controls and regulations across Group and BUs, in partnership with Group and BU stakeholders.

Roles and Responsibilities:

Subject Matter Expert – Data Privacy Compliance Programme (including Records Management)

  • Provide support to ensure the Group and Business Units process personal data in compliance with applicable data protection law.
  • Issue Group Policies and Standards relating to data privacy and records management.
  • Monitor regulatory development on Data Privacy and revise Group Policies and Standards as required.
  • Design and implement Data Privacy controls for digital, online, and cross-border data processing activities.
  • Leverage applicable industry best practices in Data Privacy and records management.
  • Monitor and review execution of compliance strategies within set parameters by establishing Group policy and guidelines and ensuring that they are adhered to.
  • Act in an advisory capacity to the local Business Unit Compliance team, including assessment and advice on risks and potential for breaches, provide training and skills transfer.
  • Provide support and facilitate incident management for data breaches and control failures including conducting investigation and advising on appropriate containment, remediation of any breaches including look-through in other businesses, and notification and regulatory reporting requirements.
  • Assist Group and BUs to ensure data breaches are appropriately and promptly reported to relevant regulators, where applicable.  


Conducting Privacy Impact Assessments

  • Conduct and oversee privacy impact assessments across the organisation, including analysis of compliance trends, systemic issues, and environmental scans.
  • Assess how personal data is collected, processed and stored within the organisation and advise on how privacy risks can be mitigated and how processes may be enhanced to ensure personal data is used only for permitted purposes. 
  • Understand and, if necessary, monitor how third parties use or may gather and store data on AIA, or how data belonging to AIA may be gathered or published online, including through social media.
  • Advise on cross-border data transfers and engagement with third parties.
  • Work closely with Business Unit Compliance team to ensure effective and quality controls are designed and implemented.
  • Collaborate with Information Security, Data Governance and Data Platforms, Data Analytics, Legal, Corporate Communications, Sourcing, Internal Audit and other functional teams and stakeholders.


Projects, Assurance and Oversight

  • Drive and undertake key projects and initiatives relating to data privacy, records management, and AI governance.
  • Conduct independent reviews and assurance activities across Group and BUs to assess adoption of relevant standards, controls, and regulatory expectations.
  • Report key risks, issues, and themes to senior management and relevant governance forums.


AI Governance and Responsible Use of AI

  • Develop, maintain, and oversee a Group AI Governance Framework, ensuring responsible, ethical, and compliant use of AI tools and systems across the organisation.
  • Provide subject matter expertise on AI-related regulatory, legal and ethical risks, particularly where AI systems involve personal data, customer interaction, or material business outcomes.
  • Monitor emerging AI-related regulations, regulatory guidance, and supervisory expectations and translate these into pragmatic Group-level policies, standards, and controls.
  • Support AI risk assessments (including, where applicable, privacy impact assessments).
  • Work in close relationship with Technology, Data, Information Security, Legal, Risk & Compliance stakeholders to embed AI governance into existing risk and control frameworks.
  • Provide guidance on third-party and vendor AI solutions, including governance expectations, accountability, and contractual risk considerations.

Minimum Job Requirements:

This individual should have a demonstrated record of success in regulatory, legal or Compliance functions and at least 12+ years of relevant experience, including at least 3 years in a senior, policy setting or strategic role.
The individual should have:

  • Strong knowledge of life insurance business (optimal or, in lieu of life insurance, other financial services business) and Data Privacy regulatory environments throughout Asia.
  • Sound legal or regulatory background including exposure working in a data privacy, corporate law or regulatory compliance/regulatory affairs function or relevant role within a financial regulator.
  • Demonstrated understanding of AI-related risks, governance concepts, or data privacy risk within regulated environments
  • Strong interpersonal and influencing skills (including across cultures)
  • Ability to work independently and as a team player.
  • Strong communication skills (ideally with experience in dealing with regional Regulators)
  • Sound and proven people management
  • Exposure to risk management practices
  • Strong integrity, disciplined work ethic, self-motivation and ability to work under pressure

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.