Associate Director, Information Risk Assessment Lead

Manulife Hong Kong
in Hong Kong, Hong Kong, Hong Kong
Permanent, Full time
Competitive
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description
This position manages a small team and is a single-incumbent senior leadership role within the Governance, Strategy and Planning Risk Assessment Team of the Asia L1 IT & Ops Security and Risk Control & Governance function.

The function sits within Manulife's line 1b of defense, where we align with leadership to set the risk culture, support IT in identifying and mitigating risks at scale, and provide a common view and narrative of key risks to enable business discussions. We ensure control gaps are identified and drive the corrective action of risk and compliance issues across the region so that our "crown jewels" (customers' health information, proprietary algorithms, transaction data) are secured (CIA triad) from end to end.

Goal of position: The goal of this position is to support Business Units in assessing and managing the risks that arise in 3rd party vendor relationships and through projects/change. Specifically, this role leads and drives the Asia Project and Vendor Information Risk Assessment Program. Risk Assessments are a key component of the 3rd party management process and project delivery life cycles.

In addition, this role also acts as the security officer for Manulife's Asia Regional Office.

Responsibilities:
  • Lead the Information Project and Vendor Risk Assessment Program across Asia. This involves establishing the following: playbooks, training programs, quality assurance plans, standardized reporting, and mechanisms to share best practices;
  • Perform and review 3rd Party Vendor Information Risk Assessments and provide guidance on risk mitigation strategies. Conduct 3rd party on-site visits and support the vendor due diligence process;
  • Perform and review Project Information Risk Assessments and provide guidance on risk mitigation strategies;
  • Work with vendors and project teams to identify information security risks and provide hands-on guidance on risk mitigation strategies to address risk themes;
  • Engage security subject matter experts to provide additional specialized support to project teams and vendors, as needed;
  • Liaise with 2nd Line of Defense to ensure understanding and compliance with policies and standards;
  • Provide technology, risk, business process or control consulting on company-wide initiatives;
  • Execute Information Risk Management practices and controls;
  • Perform and validate 3rd Party Vendor Information Risk Assessments and support the vendor due diligence process to evaluate the effectiveness of the third-party vendor's risk management program;
  • Address risk themes and act as the security officer for the regional office. This includes supporting the regional office by providing day-to-day guidance on security practices, managing security incidents, assessing service requests that have a security impact, and reviewing and actioning regional office security metrics;
  • Coach and support more junior team members and other stakeholders as needed.

Individual Accountabilities:
  • Overall effectiveness and continuous improvement of Asia Project and Vendor Risk Assessment Program;
  • Quality of information risk assessments (direct responsibility of regional projects and vendors, joint accountability for country level projects and vendors). Including the clear articulation and communication of 3rd party and project information risks;
  • Compliance with the Vendor Information Risk Management review standard. Completion of Project and Vendor Information Risk Assessments for all regional initiatives;
  • Effective support of the regional office for all security-related items.

Key Shared Accountabilities:
  • Incumbent will work closely with contract managers, procurement teams, project teams, information risk subject matter experts and business unit owners to effectively manage vendor and project related information risks. In many cases this role plays a coordination role to ensure the right outcomes;
  • Quality of information risk assessments (direct responsibility of regional projects and vendors, joint accountability for country level projects and vendors). Including the clear articulation and communication of 3rd party and project information risks.


Experiences and Qualifications:
  • University graduate with a minimum of 10 years of solid experience in related technology risk, audit, information security, strategic planning, or assessment, especially in financial institutions;
  • Hands-on experience conducting project and vendor information risk assessments;
  • Experience in planning, designing and implementing an overall risk management process for a financial organization;
  • Experience in information project & third-party vendor information risk, resource planning, program management, audit and security & compliance, identity access management, operation security, data protection, security incident management, and Business Continuity Management; past experience working in a regional role would be advantageous;
  • Experience in governance, budgeting, strategic planning, training, regulatory engagement, etc.;
  • Holder of Professional Certificate CISSP or other internationally recognized security certification or
  • Holder of a Certificate in Procurement and Supply or other internationally recognized procurement or vendor management certification;
  • One of CRISC, CISA, CISSP, PMP and/or CISM would be an advantage.

Core Competencies and Skills:
  • Strong stakeholder and people management skills; able to effectively articulate risk posture, technical vision, possibilities, and outcomes through strong verbal and written communication;
  • Strong interpersonal skills, with ability to influence senior leaders and inspire and train more junior team members;
  • Good understanding of how technology supports Manulife's strategy;
  • Deep understanding of IT risks and how they can impact the business;
  • Self-driven, able to meet objectives with a minimal amount of managerial oversight;
  • Can distill complex issues into simple reports, solutions, and designs;
  • Proficient in English, both verbal and written; proficiency in another Asian language would be a plus.


If you are ready to unleash your potential, it's time to start your career with Manulife/John Hancock.

About Manulife
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of June 30, 2019, we had over $1.1 trillion (US$877 billion) in assets under management and administration, and in the previous 12 months we made $29.4 billion in payments to our customers. Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.