Associate Director, Information Risk Assessment Lead
Manulife
Hong Kong, HK
23 hours ago

Job Description :

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

This position manages a small team and is a single-incumbent senior leadership role within the Governance, Strategy and Planning Risk Assessment Team of the Asia L1 IT & Ops Security and Risk Control & Governance function.

The function sits within Manulife’s line 1b of defense, where we align with leadership to set the risk culture, support IT in identifying and mitigating risks at scale, and provide a common view and narrative of key risks to enable business discussions. We ensure control gaps are identified and drive the corrective action of risk and compliance issues across the region so that our crown jewels (customers’ health information, proprietary algorithms, transaction data) are secured (CIA triad) from end to end.

Goal of position : The goal of this position is to support business units in assessing and managing the risks that arise in 3rd party vendor relationships and through projects / change.

Specifically, this role leads and drives the Asia Project and Vendor Information Risk Assessment Program.

Risk assessments are a key component of the 3rd party management process and project delivery lifecycles.

In addition, this role also acts as the security officer for Manulife’s Asia Regional Office.

Responsibilities :

  • Lead the Project and Vendor Information Risk Assessment Program across Asia. This involves establishing the following : playbooks, training programs, quality assurance plans, standardized reporting, and mechanisms to share best practices;
  • Perform and review 3rd Party Vendor Information Risk Assessments and provide guidance on risk mitigation strategies. Conduct 3rd party on-site visits and support the vendor due diligence process;
  • Perform and review Project Information Risk Assessments and provide guidance on risk mitigation strategies;
  • Work with vendors and project teams to identify information security risks and provide hands-on guidance on risk mitigation strategies to address risk themes;
  • Engage security subject matter experts to provide additional specialized support to project teams and vendors, as needed;
  • Liaise with 2nd Line of Defense to ensure understanding and compliance with policies and standards;
  • Provide technology, risk, business process or control consulting on company-wide initiatives;
  • Execute Information Risk Management practices and controls;
  • Perform and validate 3rd Party Vendor Information Risk Assessment and support the vendor due diligence process to evaluate the effectiveness of third-party vendors’ risk management programs;
  • Act as the security officer for the regional office. This includes supporting the regional office by providing day-to-day guidance on security practices, managing security incidents, assessing service requests that have a security impact, and reviewing and actioning regional office security metrics;
  • Coach and support more junior team members and other stakeholders as needed.

Individual Accountabilities :

  • Overall effectiveness and continuous improvement of the Asia Project and Vendor Risk Assessment Program;
  • Quality of information risk assessments (direct responsibility of regional projects and vendors, joint accountability for country level projects and vendors), including the clear articulation and communication of 3rd party and project information risks;
  • Compliance with the Vendor Information Risk Management review standard. Completion of Project and Vendor Information Risk Assessment for all regional initiatives;
  • Effective support of the regional office for all security-related items.

Key Shared Accountabilities :

  • Incumbent will work closely with contract managers, procurement teams, project teams, information risk subject matter experts and business unit owners to effectively manage vendor and project related information risks.
  • In many cases this role plays a coordination role to ensure the right outcomes.

Experiences and Qualifications :

  • University graduate with minimum 10 8 -10 years of solid experience inor more of related technology risk, audit, or information security experience Strategic Planning;
  • Assessment especially in financial institutions;
  • Hands on experience conducting project and vendor information risk assessments;
  • Experience in planning, designing and implementing an overall risk management process for a financial organization;
  • Experience in project & third-party vendor information risk, resource planning, program management, audit and security & compliance, identity access management, operation security, data protection, security incident management, and Business Continuity Management; past experience in working in a Regional role would be advantageous;
  • Experience in governance, budgeting, strategic planning, training, regulatory engagement, etc.;
  • Holder of Professional Certificate CISSP or other internationally recognized security certification; or
  • Holder of a Certificate in Procurement and Supply or other internationally recognized procurement or vendor management certification;
  • CRISC, One of CISA, CISSP, PMP and / or CISM would be an advantageassetis required.

Core Competencies and Skills :

  • Strong stakeholder and people management skills; able to effectively articulate risk posture, technical vision, possibilities, and outcomes through strong verbal and written communication;
  • Strong interpersonal skills, with ability to influence senior leaders and inspire and train more junior team members;
  • Good understanding of how technology supports Manulife’s strategy;
  • Deep understanding of IT risks and how they can impact the business;
  • Self-driven, able to meet objectives with a minimal amount of managerial oversight;
  • Can distil complex issues into simple reports, solutions, and designs;
  • Proficient in English, both verbal and written; proficiency in another Asian language would be a plus.