Manager, IT Control & Governance
The Manufacturers Life Insurance Company
Hong Kong, HK

Job Description :

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

The manager role sits in the first line of defense and is responsible for Asia information technology controls and governance services, in alignment with the mandates and objectives of the Global segment.

  • The individual will collaborate and liaise with Country Information Services, Business Units, Global CoE teams and Asia segment stakeholders; participate in Asia countries’ governance structure to support the implementation of the ISM strategy; and execute the practices and controls, as well as promote risk and security awareness for the successful implementation of the ISM strategy.

    Key Result Areas :

  • Execute Information Risk Management / Information Security policies and standards and associated security controls especially in the Information Security Management (ISM) domain for Asia region
  • Participate in IT projects and initiatives to bring proactive information security management focus into solutions, assist in formulating the ISM plan to ensure effective and consistent application of ISM policies and standards across all technology projects, systems and services, as well as compliance with local laws and regulations
  • Oversee ongoing information security processes for incident management, access management, legacy technology and vulnerability management, and even some processes tied to business continuity and disaster recovery.
  • Partner with business units and technical teams to implement ISM processes and supporting procedures.
  • Monitor risk and communicate to relevant stakeholders to ensure continued effectiveness of the Company’s ISM strategy, establish corrective actions where necessary
  • Support and participate in security projects from our Global and Regional partners
  • Provide advisory and guidance on Information Risk, Technology Risk and Regulatory for information services and business
  • Coordinate security activities, including but not limited to application security source code scanning, legacy technology and vulnerability management, logical access regular assessment, information risk awareness and readiness for the Asia region
  • Participate in regular meetings with various teams in Asia as well as globally
  • Review and understand technology risk regulatory requirements, provide advisory, ensure compliance with the requirements including framework, guidelines & policies for ISM and IT, and maintain the local IT regulatory matrix
  • Conduct gap analysis for changes to Company policies, standards and new or updated Regulatory requirements, provide advisory and guidance on developing action plans to address the gaps
  • Liaise with internal and external auditors and regulatory agencies on information security risk reviews and examinations, oversee audit issues, ensure issues are tracked and addressed in a timely manner
  • Incident management, establish communication and escalations, response & handling in the event of an information risk or security incident, advice and guidance for immediate corrective actions.
  • Participate in investigations and reporting. Review, advise and monitor preventive actions

  • Ensure controls are executed effectively, efficiently and consistently across the Asia region, conduct quality control and tests on the controls, identify gaps, and devise and execute action plans to address any gaps found, to ensure deficiencies are remediated appropriately

  • Report control gaps and remediation status to stakeholders
  • Assist in the rectification of knowledge / resource gaps in the Asia countries, closing the gaps of information security / risk activities
  • Travel within the region may be required
    Experiences and Qualifications :

  • University graduate with minimum 5 years or more of progressive information security management experience in one or more disciplines : project / vendor risk assessment, network security, infrastructure / platform security, data / application security, vulnerability / patch management, and IT auditing, IT risk and control assessments.
  • Experience in application security would be an advantage
  • Professional certification or designation in information security and IT auditing, a plus, but not a requirement
  • Candidates with less experience will be considered as Specialist
  • Candidates with more experience will be considered as Senior Manager
    Core Competencies and Skills :

  • Proficient in English, both verbal and written
  • Excellent communication skills in both technical and non-technical areas
  • High integrity, adhering to principles and values
  • Appreciation of different cultures
  • Good analytical skills
  • Works well within a diverse team as well as independently
  • Good interpersonal communication