The customer is the focus of everything we do, and millions of end users rely on our products daily. We believe in the value of empowering Senior Manager, Asia WAM Information Risk Management with the resources to solve critical problems for the future of our business, which is why we need you.
Manulife HK is seeking for a Manager / Senior Manager, Asia WAM Information Risk Management who is responsible for the delivery of the 2nd-Line of defense for Information Risk Management (IRM) practice with primary focus on the Global Wealth and Asset Management (GWAM) Segment at Manulife and John Hancock.
The incumbent will serve as a Subject Matter Expert on information security, technology risk, privacy, and business continuity management with the global IRM team.
The Senior Manager drives the execution of highly complex and technical processes related to information risk including, but not limited to, assurance over information risk controls, risk identification and treatment, meeting local regulatory requirements, consulting on technology priorities, strategies and solutions in accordance with global information risk policies, standards, programs, processes and supporting systems.
The incumbent works closely with the IRM team and other stakeholders to ensure the work is completed and delivered in alignment with business goals, drivers and commitments.
What motivates you?
You obsess about customers, listen, engage and act for their benefit
You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes
You thrive in teams, and enjoy getting things done together
You take ownership and build solutions, focusing on what matters
You do what is right, work with integrity and speak up
You share your humanity, helping us build a diverse and inclusive work environment for everyone
We are looking for someone with :
Minimum 5 years of progressive leadership in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes and deliverables within a large enterprise
University degree (Computer Science or related discipline preferred)
Previous risk advisory consulting experience is preferred
Wealth and Asset Management, Group Retirement, or General Account Investment industry experience.
Sound knowledge of best practices of various aspects of information risk management and prior experience as a leader in Information Risk
2nd-line of defense experience, developing and executing effective challenge and oversight of risk management activities
Strong communication skills and ability to explain highly technical information for non-technologists including executives
Effective negotiation skills with the aptitude to achieve consensus in a federated environment
Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries
Ability to work independently and collaboratively simultaneously, while managing multiple priorities within tight deadlines
Strong competencies in collaboration, problem solving and influencing key risk decisions
Knowledge of the regulatory environments in the U.S., Canada and Asia. Familiar to industry governance bodies such as CBIRC, SFC, MPFA, OCI, MAS, FSC, and so on
Knowledge of security software, IT audit and security, programming / coding and / or compliance
Recognized professional designations in Information Security, Audit and Business Continuity (e.g. CISSP, CISA, CRISC, FAIR, MBCP)
On the job you will :
Deliver the 2nd-line information risk assurance and oversight services to the technology and business segments within GWAM / Asia WAM (AWAM) while enabling the Segments to manage their information risk efficiently and effectively
Observe the global technology risk and control assessments to review the key risks and gaps identified, and to track and report on management corrective action plans as required
Provide technology risk advice to Global Information Services and Divisions when needed to improve risk-based decision-making :
oIdentify and recommend key and non-key controls for technology risks; and
oRecommend mitigation strategies
Develop an oversight and effective challenge to 1st Line of defense within GWAM / AWAM segment, their exceptions and risk acceptance procedure
Review assurance quality of the technology and information risk controls
Monitor the compliance with the information risk appetite (and associated thresholds) for Global Information Services and Divisions in conjunction with the GWAM / AWAM Business Unit partners and Operational Risk Management
Participate in the investigation of material technology or information risk loss events (and related incidents) to assess potential systemic weaknesses and ensure appropriate corrective action is implemented
and identify and report on Key Risk Indicators and supporting metrics to support risk reporting
Participate in short-term planning and enabling long-term strategies that will mature information risk management ensuring the practices keep pace with both internal drivers (company strategy and goals) and external drivers (technology, regulations, threats and vulnerabilities)
Advocate for a strong information risk culture.
Stay abreast with evolving information and technology risks, new regulations, laws and requirements for information risk, information security, cybersecurity, information protection and privacy across jurisdictions and overseeing company compliance with as required
Work with information risk teams globally to ensure compliance with Global Information Risk Management processes, procedures, policies, standards, templates, and guidelines
Conduct 2nd-line reviews of risk assessments (projects and vendors) as required
Work with the management to ensure their informed consent and understanding of risk treatments and acceptances
Maintain and foster enduring relationships with internal customers and peers, namely :
osenior management and technology teams within Canadian
oexecutives and peers in the wider Information Risk Management
and serve as an advocate for TRM domain best practices
Review and correlate the GWAM / AWAM IT audit findings and their action plans along with the different types of risk assessments and incidents
Work with Internal Audit Services and outside consultants to perform independent assessments and perform sample controls testing
Develop an integrated view of information risk exposures across the GWAM / AWAM segment and its sub units by collaborating with GIRM COE representatives, Global and Divisional Information Services teams, Global Privacy and Compliance, Operational Risk Management and Audit Services executives and others within other second and third line of defense teams (Audit Services, Operational Risk, Compliance, Investigative Services, Enterprise Risk, etc.)
Our commitment to you
Our mission; to be a part of making Decisions Easier and Lives Better
A leadership team dedicated to your growth and success
A bold ambition and set of goals to be a leader in driving transformation in our industry
Our best. Every day.
Learn more about opportunities with us at jobs.manulife.com