Job Description :
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
Job Overview :
Manulife has established the Asia IS Risk Management Office which governs the overall IS risk management posture that includes Information Security, IS Privacy, IS Compliance, and IS Audit in Asia.
It also integrates closely with the Global IS Risk Management Office.
The candidate will be hired and physically located in Hong Kong, reporting directly to Director, Information Security Management.
This role will participate in key projects and initiatives ensuring information risk is always considered and managed. He / she will join a vibrant and global information risk management practice and team that works hard to enable and facilitate business while protecting our people and key information assets located in eleven countries.
This multi-discipline team pulls together a number of specialties forging strong ties between :
Information Security Management
Technology Risk Management
Strategic Planning, Services Integration & Information Protection
Business Continuity Management
The Security Architect, Information Security Management leads the Information Security Management program for the Asia division.
ISM takes a broad view of information security by overseeing security controls in business and technology solutions by leveraging global risk assessment processes.
This role will work to ensure information risk management is included and embedded in key processes. Finally, the Security Architect works closely with senior management via their tracking and reporting functions, ensuring timely response to questions from management, the Board and regulators.
Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture / platform; identifying integration issues.
Plans, researches and designs robust security architectures.
Deep technical understanding of and experience with security technologies including, but not limited to, single sign-on, Active Directory, multi-factor authentication, public key infrastructures, certification authorities, virtualization, privilege account management, web services, cryptography, key management, intrusion detection / prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch / configuration management, application whitelisting, etc.
Leads / coordinates integration of new technologies, migration implementations, and major upgrades. Anticipates technical evolutions; designs and builds durable architectures.
Reducing information risk exposures by introducing a robust enterprise information risk management framework and supporting infrastructure for proactively identifying, managing, monitoring and reporting on critical information risk exposures.
Leverage GRC systems to comment on draft standards, track compliance to in-force standards and policies, monitor risk exceptions and acceptances, report on vendor assessments, follow and confirm compliance to regulations, etc.
Provide advice and recommendations based on value-add analysis of IT deficiencies from Audit and Risk Acceptance reports.
Collaborate with other IRM teams and professionals from Asia Technology Office, Business Units, Global Infrastructure Service, Divisional Information Risk Officer, Compliance, Audit Services, and peer Information Security Management leads across Manulife globally.
Contribute and shape divisional and global ISM projects and initiatives. Ensure division-specific requirements and needs are accommodated whenever possible and practical in initiatives, projects and services.
Provide advice to business units in Divisions on current and emerging technology risks and their impact on the company’s information risk profile.
University Degree with 10+ years of progressive experience in one or more of the following disciplines : Information Technology / Application / Platform / Network, Information Risk Management, Audits, ITIL / COBIT frameworks, Security Solutions ideally with some of that time spent in a large and complex organization.
Practices and methods of IT strategy, enterprise architecture and security architecture
Professional certifications or designations in security or IT auditing are a plus, but not a requirement.
Security Certifications : CISM, CISSP and / or CISA, but not mandatory
Excellent communication skills (oral and written) including presentation skills and demonstrated ability to present at all organizational levels.
Innovative problem solving skills with the proven ability to exercise flexibility and judgment.
Ability to learn, know and act upon what’s important to Manulife and business units.
Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
Ability to work independently and collaboratively simultaneously, while managing multiple priorities within tight deadlines.
Process and results oriented.
Proactive, innovative, self-motivated and able to work independently.
Proven ability to multi-task, manage and work on tasks concurrently.
Good interpersonal communication, management and presentation