Manager, IT Control & Governance
Hong Kong, HK

Job Description :

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description

Are you interested to work for a large multinational that puts people first and where showing your humanity is truly valued?

Manulife has a strong culture of transparent communication and teamwork, with empowerment and working flexibility embedded in our culture.

We fully embrace open source and AI technology. Manulife believes great ideas can come from anywhere and anyone, we are looking for talented technologists who want to use their passion and interests to work with other passionate and diverse individuals to help us become a digital customer leader.

Our employees are able to develop their career and skill set to executive levels without stepping away from the frontline of technological innovation through our IT Careers Framework, Manulife University and Pluralsight, our technology skills platform.

Manulife is also committed to adopting Agile as a mindset across our businesses. If new ways of working with beer and pizza fueled hackathons, an innovative approach to problem solving, change, process, system improvement and continuous learning excite you, then please do get in touch.

It's also important to note that we welcome IT talents with a non IT background, even a degree is not a must have, if you're excited by the proposition and you think you've got what it takes - follow the link!

The manager role sits in the first line of defense, is responsible for Asia information technology controls and governance services, in alignment with the mandates and objectives of Global segment.

  • The individual will collaborate and liaise with Country Information Services, Business Units, Global CoE teams and Asia segment stakeholders, participates in Asia countries’ governance structure to support the implementation of ISM strategy;
  • and execute the practices and controls, as well as promote risk and security awareness for the successful implementation of the ISM strategy.

    Key Result Areas :

  • Execute Information Risk Management / Information Security policies and standards and associated security controls especially in the Information Security Management (ISM) domain for Asia region
  • Participate in IT projects and initiatives to bring proactive information security management focus into solutions, assist in formulation ISM plan to ensure effective and consistent application of ISM policies and standards across all technology projects, systems and services, as well as compliance to local Laws and Regulations
  • Oversee ongoing information security processes for incident management, access management, legacy technology and vulnerability management, and even some processes tied to business continuity and disaster recovery.
  • Partner with business units and technical teams to implement ISM processes and supporting procedures.
  • Monitor risk and communicate to relevant stakeholders to ensure continued effectiveness of the Company’s ISM strategy, establish corrective actions where necessary
  • Support and participate in security projects from our Global and Regional partners
  • Provide advisory and guidance on Information Risk, Technology Risk and Regulatory for information services and business
  • Coordinate security activities, including but not limited to application security source code scanning, legacy technology and vulnerability management, logical access regular assessment, information risk awareness and readiness for the Asia region
  • Participate in regular meetings with various teams in Asia as well as globally
  • Review and understand technology risk regulatory requirements, provide advisory, ensure compliance with the requirements including framework, guidelines & policies for ISM and IT, maintain of local IT regulatory matrix
  • Conduct gap analysis for changes to Company policies, standards and new or updated Regulatory requirements, provide advisory and guidance on developing action plans to address the gaps
  • Liaison to internal, external auditors, and regulatory agencies on information security risk reviews and examinations, oversee audit issues, ensure issues are tracked and addressed in a timely manner
  • Incident management, establish communication and escalations, response & handling in the event of an information risk or security incident, advice and guidance for immediate corrective actions.
  • Participate in investigations and reporting. Review, advise and monitor preventive actions

  • Ensure controls are executed effectively, efficiently and consistently across Asia region, conduct quality control and tests on the controls, identify gaps, and devise and execute action plans to address any gaps found;
  • to ensure deficiencies are remediated appropriately

  • Report control gaps and remediation status to stakeholders
  • Assist in the rectification of knowledge / resource gaps in the Asia countries, closing the gaps of information security / risk activities
  • Travel within the region may be required
  • Experiences and Qualifications :

  • University graduate with minimum 5 years or more of progressive information security management experience in one or more disciplines : project / vendor risk assessment, network security, infrastructure / platform security, data / application security, vulnerability / patch management, and IT auditing, IT risk and control assessments.
  • Experience is application security would be an advantage
  • Professional certification or designation in information security and IT auditing, a plus, but not a requirement
  • Candidates with less experience will be considered as Specialist
  • Candidates with more experience will be considered as Senior Manager
  • Core Competencies and Skills :

  • Proficient in English, both verbal and written
  • Excellent communication skills in both technical and non-technical areas
  • High integrity, adhering to principles and values
  • Appreciation of different cultures
  • Good analytical skills
  • Works well within a diverse team as well as independently
  • Good interpersonal communication
  • 申請
    通過點擊“持續”,我允許neuvoo同意處理我的數據並向我發送電子郵件提醒,詳見neuvoo的 隱私政策 。我可以隨時撤回我的同意或退訂。