Senior Manager/Manager, Information Security Management, Enterprise Technology Services (ETS)
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
Job Description
General Description:
The ETS Asia Control Integrity team is the security and compliance team under the ETS Asia Umbrella. The team performs security assessments for new technologies and new projects, in addition to performing an assurance function to ensure ETS complies with company and regulatory security requirements. The incumbent will be an individual contributor reporting to the Director of the team.
The incumbent is accountable for performing various security reviews on a regular basis and for providing security training and advisories to ETS support towers.
Annual Information Risk Assessment:
- The incumbent will assess risks and controls in each ETS technical tower holistically on an annual basis, document risks and mitigation plans, as well as provide guidance and monitor mitigation status on an ongoing basis.
Project Information Risk Management:
- Provide ETS project and technology information risk assessments and assist with the development and tracking of management action plans.
- Support risk reporting by providing information on information risk exposures introduced by ETS projects.
Vendor Risk Management:
- Maintain a prioritized list of service organizations to be assessed within each calendar year.
- Conduct service organization assessments (on-site and remote) as required.
- Conduct Due Diligence service organization assessments (for example, as part of an RFP).
- Review service organization examination reports such as SOC1 (CSAE 3416, etc.), SOC 2, Privacy Diagnostic Reports, ISO 27001 Certification Reports, PCI Compliance Attestations, etc.:
  - Review of the applicability of scope / coverage.
  - Analysis of any noted exceptions within the reports, recurring issues, etc.
  - Appropriateness of service organization remediation plans.
- Track and assist with remediation of any exceptions.
Security Process Improvement
- Document and review application traffic flows, review and approve relevant firewall rule requests.
- Review Security Acceptance Testing performed by the platform support team before system production cutover, including system hardening review, vulnerability scan finding review, ID review and so on.
- Review and approve privilege ID requests.
- Review recorded privilege users' activities from privilege management tools.
- Analyze and follow up with findings from regular vulnerability assessments.
- Perform periodic security hardening compliance checks against systems in data centers.
- Prepare regular security metrics reports based on data gathered from various security tools such as Qualys, CyberArk, Lumeta.
- Through automation and process improvement, improve efficiency in security management in areas such as security hardening, firewall rule review and approval, patching, post incident remediation, privilege ID management, vulnerability assessment and post penetration testing remediation.
Required Skills / Competencies:
- Prepare awareness training materials for security education for ETS towers.
- Conduct security training in South East Asia countries.
- Degree holder in computer science or engineering.
- Possess information security (CISSP, CISM, SANS) and auditing (CISA) designations.
- At least 10 years of working experience in related fields such as security risk assessment and security operations.
- Strong prior experience in securing infrastructure (e.g. firewall rule review, privilege ID management, system hardening, vulnerability management…).
- Ability to manage multiple tasks for multiple stakeholders which will need to be prioritized. Results oriented; ability to balance multiple priorities and projects.
- Prior experience in script development and PowerBI for automation is an asset.
- Knowledge of control frameworks, risk management practices and regulatory requirements.
- Well-developed impact and influence skills.
- Track record of building strong relationships across technology functions.
- Excellent customer focus and commitment to quality.
- Knowledge and understanding of the financial industry.
Minimum Working hours:
- The incumbent will work regular office hours most of the time. However, ETS is a global organization. The incumbent is required to work flexible hours, including occasionally having meetings with North America in the evenings.
The incumbent will work in the Hong Kong office.
If you are ready to unleash your potential, it's time to start your career with Manulife/John Hancock.
About Manulife
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of June 30, 2019, we had over $1.1 trillion (US$877 billion) in assets under management and administration, and in the previous 12 months we made $29.4 billion in payments to our customers. Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.
Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.