Corporate Compliance, Principal

Posted 7 Hours Ago
2 Locations
In-Office or Remote
Senior level
Insurance • Financial Services
The Role
Serve as Data Privacy SME and support corporate compliance across data privacy, data security (compliance perspective), code of conduct, regulatory reporting, outsourcing, FATCA/CRS and G&E. Develop and maintain privacy policies, conduct DPIAs and risk assessments, manage data subject requests and incidents, liaise with IT, legal and regulators, deliver training, and support compliance monitoring and projects across AIA Hong Kong & Macau entities.
Summary Generated by Built In

FIND YOUR 'BETTER' AT AIA

We don’t simply believe in being ‘The Best’. We believe in better - because there’s no limit to how far ‘better’ can take us.

We believe in empowering every one of our people to find their 'better' - in the work they do, the career they build, the life they live and the difference they make. So that together we can support even more people - including our own - to live Healthier, Longer, Better Lives.

If you believe in better, we’d love to hear from you.

About the Role

Support the Associate Director, Corporate Compliance and work independently to ensure that AIA Hong Kong & Macau operates in accordance with AIA Group policies and guidelines, as well as applicable local regulatory requirements. The role primarily serves as the Subject Matter Expert (SME) in Data Privacy and related areas, while supporting the design, implementation and oversight of the compliance framework across the following domains:
• Data Privacy (acting as Data Privacy Specialist)
• Data Security (from a Compliance perspective)
• Code of Conduct
• Regulatory Development and Reporting
• Other compliance areas including Outsourcing, FATCA, CRS and Gifts & Entertainment (G&E)
• Regulatory Compliance projects as assigned from time to time (e.g. PIPL and other regional initiatives)
The role forms part of a collaborative Corporate Compliance team operating under a job rotation framework, where the role may periodically rotate responsibilities with other team members, provide and receive cross-functional guidance, and contribute to broader team capability development.
This role contributes to the delivery of customer outcomes that are reliable, thoughtful, and create meaningful impact for customers and society. The role holder is expected to embed a customer-first mindset in all decisions and actions by developing a clear understanding of customer needs, taking end-to-end ownership to resolve issues, and working collaboratively across teams to continuously enhance the customer journey—both directly and indirectly.

Roles and Responsibilities:

 

Reporting to the Associate Director, Corporate Compliance, the position will focus on the following activities covering all entities under AIAHK’s oversight (e.g., AIA International, AIA Everest, Blue Cross, Blue Care and UCare):

  

A. Data Privacy (approx. 80%)

Support the Data Privacy Officer in the following:


  • Develop, implement and maintain data privacy policies and procedures in line with applicable laws and regulatory requirements.
  • Monitor and assess data privacy risks and vulnerabilities, including conducting regular risk assessments and assurance reviews.
  • Provide advisory support to business units on data privacy requirements and best practices.
  • Collaborate with IT and Information Security teams to ensure appropriate technical and organizational measures (e.g. access controls, encryption) are implemented.
  • Conduct Data Protection Impact Assessments (DPIAs) for new products, systems or initiatives involving personal data.
  • Manage and respond to data subject access requests and other privacy-related enquiries from individuals and regulators.
  • Coordinate and support the Data Privacy and Security Committee, including agenda setting, documentation and follow-up of action items.
  • Develop and deliver data privacy training and awareness programmes.
  • Maintain the privacy control framework and perform periodic assessments of control design and effectiveness.
  • Monitor regulatory developments and provide updates on emerging data protection requirements.
  • Lead and coordinate response to data privacy incidents, including engagement with stakeholders and regulators where required.
  • Establish and maintain appropriate data processing agreements with third parties.
  • Work closely with Legal and Compliance teams on privacy-related contractual and cross-border data transfer matters.
  • Support or lead ad hoc projects and initiatives as assigned.

B. Wider Compliance Support (approx. 20%)

Support the Corporate Compliance team in other assigned areas (e.g. Outsourcing, FATCA, CRS, Record Management, G&E, Code of Conduct), including:


  • Developing and maintaining compliance policies, procedures and guidance for business units.
  • Supporting implementation of regulatory requirements, including gap analysis, action tracking and training.
  • Designing and executing risk-based monitoring programmes in accordance with the annual Compliance Plan.
  • Managing compliance incidents and ensuring appropriate reporting, remediation and preventive actions.
  • Identifying and assessing compliance risks and maintaining relevant records in the internal risk management system.
  • Providing compliance advisory support to facilitate business initiatives and growth.
  • Conducting compliance risk assessments for new initiatives within SME coverage areas and recommending practical solutions.
  • Promoting awareness of the three lines of defence model across the organisation.

In line with the team’s job rotation framework, the role is expected to collaborate closely with team members, share knowledge, and contribute to cross-skilling and succession planning initiatives.


Minimum Job Requirements:


  • Solid knowledge of data protection laws and frameworks (e.g. PDPO, PIPL, GDPR, PDPA or equivalent).
  • Bachelor’s degree in Law, Accounting, Finance, Business or a related discipline.
  • Minimum 5 years of relevant experience in data privacy, compliance, risk management, legal or internal controls.
  • Experience in the financial services or insurance industry is preferred.
  • Relevant professional qualifications in Data Privacy, Compliance, Internal Audit or related disciplines are an advantage.
  • Good understanding of insurance business operations is not mandatory but an advantage.
  • Strong interpersonal, communication and stakeholder management skills.
  • Proficient in written and spoken English and Chinese.
  • Self-motivated, well-organised and able to work independently under pressure.
  • Strong analytical and problem-solving skills with attention to detail.
  • High level of integrity, accountability and ownership.
  • You are required to obtain the relevant license if your job involves regulated activities.

Build a career with us as we help our customers and the community live Healthier, Longer, Better Lives.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.

Skills Required

  • Solid knowledge of data protection laws and frameworks (e.g., PDPO, PIPL, GDPR, PDPA or equivalent)
  • Minimum 5 years relevant experience in data privacy, compliance, risk management, legal or internal controls
  • Bachelor's degree in Law, Accounting, Finance, Business or related discipline
  • Experience in financial services or insurance industry
  • Relevant professional qualifications in Data Privacy, Compliance, Internal Audit or related disciplines
  • Strong interpersonal, communication and stakeholder management skills
  • Proficient in written and spoken English and Chinese
  • Ability to work independently, well-organised and able to work under pressure
  • Strong analytical and problem-solving skills with attention to detail
  • High level of integrity, accountability and ownership
  • Required to obtain relevant license if role involves regulated activities

The Company
25,938 Employees
Year Founded: 1919

What We Do

AIA Group Limited is a multinational insurance and financial services corporation headquartered in Hong Kong, providing life insurance, savings, and health protection products across the Asia-Pacific region.
