Manager/Senior Manager, Asia WAM Information Risk Management
Hong Kong

The Opportunity

The customer is the focus of everything we do, and millions of end users rely on our products daily. We believe in the value of empowering Senior Manager, Asia WAM Information Risk Management with the resources to solve critical problems for the future of our business, which is why we need you.

Manulife HK is seeking for a Manager / Senior Manager, Asia WAM Information Risk Management who is responsible for the delivery of the 2nd-Line of defense for Information Risk Management (IRM) practice with primary focus on the Global Wealth and Asset Management (GWAM) Segment at Manulife and John Hancock.

The incumbent will serve as a Subject Matter Expert on information security, technology risk, privacy, and business continuity management with the global IRM team.

The Senior Manager drives the execution of highly complex and technical processes related to information risk including, but not limited to, assurance over information risk controls, risk identification and treatment, meeting local regulatory requirements, consulting on technology priorities, strategies and solutions in accordance with global information risk policies, standards, programs, processes and supporting systems.

The incumbent works closely with the IRM team and other stakeholders to ensure the work is completed and delivered in alignment with business goals, drivers and commitments.

What motivates you?

You obsess about customers, listen, engage and act for their benefit

You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes

You thrive in teams, and enjoy getting things done together

You take ownership and build solutions, focusing on what matters

You do what is right, work with integrity and speak up

You share your humanity, helping us build a diverse and inclusive work environment for everyone

We are looking for someone with :

Minimum 5 years of progressive leadership in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes and deliverables within a large enterprise

University degree (Computer Science or related discipline preferred)

Previous risk advisory consulting experience is preferred

Wealth and Asset Management, Group Retirement, or General Account Investment industry experience.

Sound knowledge of best practices of various aspects of information risk management and prior experience as a leader in Information Risk

2nd-line of defense experience, developing and executing effective challenge and oversight of risk management activities

Strong communication skills and ability to explain highly technical information for non-technologists including executives

Effective negotiation skills with the aptitude to achieve consensus in a federated environment

Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries

Ability to work independently and collaboratively simultaneously, while managing multiple priorities within tight deadlines

Strong competencies in collaboration, problem solving and influencing key risk decisions

Knowledge of the regulatory environments in the U.S., Canada and Asia. Familiar to industry governance bodies such as CBIRC, SFC, MPFA, OCI, MAS, FSC, and so on

Knowledge of security software, IT audit and security, programming / coding and / or compliance

Recognized professional designations in Information Security, Audit and Business Continuity (e.g. CISSP, CISA, CRISC, FAIR, MBCP)

On the job you will :

Deliver the 2nd-line information risk assurance and oversight services to the technology and business segments within GWAM / Asia WAM (AWAM) while enabling the Segments to manage their information risk efficiently and effectively

Observe the global technology risk and control assessments to review the key risks and gaps identified, and to track and report on management corrective action plans as required

Provide technology risk advice to Global Information Services and Divisions when needed to improve risk-based decision-making :

  • oIdentify technology risk exposures across the enterprise;
  • oIdentify and recommend key and non-key controls for technology risks; and

    oRecommend mitigation strategies

    Develop an oversight and effective challenge to 1st Line of defense within GWAM / AWAM segment, their exceptions and risk acceptance procedure

    Review assurance quality of the technology and information risk controls

    Monitor the compliance with the information risk appetite (and associated thresholds) for Global Information Services and Divisions in conjunction with the GWAM / AWAM Business Unit partners and Operational Risk Management

    Participate in the investigation of material technology or information risk loss events (and related incidents) to assess potential systemic weaknesses and ensure appropriate corrective action is implemented

  • Conduct the so what analysis over the information risk profiles and risk dashboards for Global Information Services and GWAM / AWAM segment aligned with enterprise and operational risk reporting;
  • and identify and report on Key Risk Indicators and supporting metrics to support risk reporting

    Participate in short-term planning and enabling long-term strategies that will mature information risk management ensuring the practices keep pace with both internal drivers (company strategy and goals) and external drivers (technology, regulations, threats and vulnerabilities)

    Advocate for a strong information risk culture.

    Stay abreast with evolving information and technology risks, new regulations, laws and requirements for information risk, information security, cybersecurity, information protection and privacy across jurisdictions and overseeing company compliance with as required

    Work with information risk teams globally to ensure compliance with Global Information Risk Management processes, procedures, policies, standards, templates, and guidelines

    Conduct 2nd-line reviews of risk assessments (projects and vendors) as required

    Work with the management to ensure their informed consent and understanding of risk treatments and acceptances

    Maintain and foster enduring relationships with internal customers and peers, namely :

    osenior management and technology teams within Canadian

  • Segment, U.S. Segment and Asia WAM business units;
  • oproject Senior Managers, developers and others;
  • oexecutives and peers in the wider Information Risk Management


  • Provide adequate advice to Global Information Services and GWAM / AWAM around emerging technology risk topics by carrying out research;
  • and serve as an advocate for TRM domain best practices

    Review and correlate the GWAM / AWAM IT audit findings and their action plans along with the different types of risk assessments and incidents

    Work with Internal Audit Services and outside consultants to perform independent assessments and perform sample controls testing

    Develop an integrated view of information risk exposures across the GWAM / AWAM segment and its sub units by collaborating with GIRM COE representatives, Global and Divisional Information Services teams, Global Privacy and Compliance, Operational Risk Management and Audit Services executives and others within other second and third line of defense teams (Audit Services, Operational Risk, Compliance, Investigative Services, Enterprise Risk, etc.)

    Our commitment to you

    Our mission; to be a part of making Decisions Easier and Lives Better

    A leadership team dedicated to your growth and success

    A bold ambition and set of goals to be a leader in driving transformation in our industry

    Our best. Every day.

    Learn more about opportunities with us at


    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    通過點擊“繼續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。