The Information Risk Officer (IRO) is responsible for the overall delivery of the information risk practice and program across the Asia Segment.
The incumbent will serve as a Subject Matter Expert on information risk issues, practice and work and must be a principle driving force to mature information risk within the business units they support and, in turn, at Manulife.
The IRO will own the execution of highly complex and technical processes related to information risk including but not limited to the assurance of information risk controls, identification of information risks, managing local regulatory relationships, consulting on technology priorities, strategies and solutions, etc.
in accordance with global information risk policies, standards, programs, processes and tool suites. The IRO oversees the Asia Segment IRM teams ensuring work is managed, prioritized and completed in alignment with business goals, drivers and commitments
Delivering information risk expertise and advice to the business users and IT users within the Asia Segment enabling them to manage their information risk efficiently and effectively.
Managing the information risk team and function across Asia Segment with direct reports in multiple locations with responsibility for all staffing decisions related to this team.
Adjusting and setting risk commitments within the team. In a changing environment, constantly reviewing and balancing the team’s business-as-usual commitments with short-term / immediate priorities and long-term strategic initiatives.
Completing short-term planning and creating long-term strategy that will mature information risk ensuring the practices keep pace with both internal drivers (company strategy and goals) and external drivers (technology, regulations, threats, vulnerabilities, etc.).
Being responsible and accountable for team budget and spending.
Staying abreast of new regulations, laws and requirements for information risk, information security, cybersecurity, information protection and privacy across jurisdictions and overseeing compliance with same as required.
Ensuring staff are properly trained and keep current with information risk and cyber security developments, threats and technology (both in use at Manulife and across the industry and security practices).
Interacting with and cooperating with information risk teams globally ensuring uniform processes and compliance with Global Information Risk Management processes, procedures, policies, standards, templates, and guidelines.
Job Requirement :
Minimum 10 years progressive leadership in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes and deliverables within a large enterprise.
University degree (Computer Science or related discipline preferred)
Expertise in best practices of various aspects of information risk management and prior experience as a leader in Information Risk
Strong communication skills and ability to distill highly technical information for non-technologists including executives
Strong competencies in collaboration, problem solving and influence
Knowledge of the regulatory environments in Canada and the US.
Security software, IT audit, programming / coding and / or compliance experience a plus.