Director / Associate Director - Cyber Security
Are you looking for a supportive, collaborative workplace with great teams and inspiring leaders? You've come to the right place. We're looking for ambitious people who share our values and want to make every day better for people around the world. If this sounds like you, and the career below sounds exciting, we'd like to hear from you. Job Description The Opportunity
The ETS Asia Control Integrity team is the security control and governance team under the ETS Asia Umbrella. The team performs security assessments for new technologies and new projects, in addition to performing an assurance function to ensure ETS complies with company and regulatory security requirements.
Join this dynamic team as the person accountable to monitor and respond to security threats and incidents for both the cloud-based and on premises based infrastructure, platform and services. What motivates you?
We are looking for someone with:
- You obsess about customers, listen, engage and act for their benefit
- You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes
- You thrive in teams, and enjoy getting things done together
- You take ownership and build solutions, focusing on what matters
- You do what is right, work with integrity and speak up
- You share your humanity, helping us build a diverse and inclusive work environment for everyone
Nice to Haves:
- Degree holder of computer science or engineering.
- Ethical hacking, intrusion detection and incident response certificates issues by reputable organization.
- Possess Information security (CISSP, CISM, SANS) designations.
- At least 10 years working experience focusing on penetration testing, security incident monitoring and response, preferably including forensics analysis.
- At least 10 years of working experience in the information security areas including network security, IAM, RBAC, encryption, security scanning, hardening, privilege ID management etc.
- Able to make quick and prudent decision in emergent situations, and think holistically and strategically on process and technology improvements.
- Able to define and rationalize goals as well as define and execute roadmap for process improvement.
- Proficient in communication with senior leaders.
- Strong experience in threat detection and incident response tools.
- Able to work on flexible hours including having meetings with North America in the evenings occasionally.
- Ability to manage multiple tasks for multiple stakeholders which will need to be prioritized. Results oriented; ability to balance multiple priorities and projects.
- Knowledge of control frameworks, risk management practices and regulatory requirements.
- Well-developed impact and influence skills.
- Excellent customer focus and commitment to quality.
- Knowledge and understanding of the financial industry.
On the job you will:
- Experience with cloud IaaS, PaaS, and SaaS security controls and adjust incident response process due to involvement of cloud technology.
- Strong experience on automation for security control enforcement and monitoring
- Experience in runtime security scanning and runtime protection tools and security controls in microservices env.
- Track record of building strong relationships across technology functions.
- Collaborate with the global function, streamline cyber security incident response process and investigation flow for Asia region.
- Investigate security events or assist global function to investigate incidents by leveraging knowledge of the Asia environment and controls.
- Communicate incidents/events to stakeholders.
- Lead/guide the containment and eradication phase of the incidents when occurred.
- Lead cyber security simulation exercise and maintain information about key contacts critical to incident response.
- design use cases and relevant monitoring rules in SIEM to detect and alert on incidents.
- Coordinate remediation of findings from global penetration testing and purple team exercise, investigate root cause and work with various teams to define and drive implementation of remediation roadmap.
Project and Technology Information Risk Management
- Perform ETS project and technology information risk assessments including assessing risks and define controls as well as tracking the implementation of controls. Assessment focus for the incumbent is the cloud-based infrastructure, platform and services
- Design, document and/or implement BAU security controls applicable to the cloud-based infrastructure, platform and services
- Evaluate products for implementing security controls in the cloud or on-premises spaces.
- Develop Infrastructure-as-code to automatically and continuously enforce security controls.
Our commitment to you
- Establish security compliance monitoring mechanism to periodically and automatically measure security control operation effectiveness.
- Provide security metrics for overall security posture reporting.
Every career at Manulife/John Hancock provides the opportunity to learn new skills and move your career forward. Ready to make an impact somewhere? What are you waiting for? Apply today. About Manulife
- Our mission; to be a part of making Decisions Easier and Lives Better
- A leadership team dedicated to your growth and success
- A bold ambition and set of goals to be a leader in driving transformation in our industry
- Our best. Every day.
About Manulife Manulife Financial Corporation is a leading international financial services provider that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and our global wealth and asset management segment, Manulife Investment Management, serves individuals, institutions and retirement plan members worldwide. At the end of 2020, we had more than 37,000 employees, over 118,000 agents, and thousands of distribution partners, serving over 30 million customers. As of March 31, 2021, we had CAD$1.3 trillion (US$1.0 trillion) in assets under management and administration, and in the previous 12 months we made $31.3 billion in payments to our customers. Our principal operations are in Asia, Canada and the United States where we have served customers for more than 155 years. We trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong. Manulife is an Equal Opportunity Employer
At Manulife /John Hancock , we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour , ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process . All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies . To request a reasonable accommodation in the application process, contact email@example.com .