Senior Manager, Information Security Management

  • Competitive
  • Hong Kong
  • Permanent, Full time
  • Manulife Hong Kong
  • 21 May 19

Senior Manager, Information Security Management

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description
Role Summary:
The person is responsible for the HKIT information security management as first line of defense, in alignment with the mandates and objectives from Asia Division and Global IRM. The individual collaborate and liaise with Hong Kong IRM stakeholders, participates in Hong Kong IS governance support the implementation of IRM program objectives and execute the practices & controls. In addition, to represent HKIS for Information Risk initiatives, contributing to build business case, standards, and framework, bring awareness, in order to success in building a robust first line of defense.

Key Result Areas:
• Execute IRM practices and controls on Information Security Management ISM and Technology Risk Management TRM for HKIS
• Point of contact of information risk management services, provide advisory and guidance on Information Risk and Security, Technology Risk and regulatory for information services and business

  • Performing application security scanning and secure application code review for HKIS
  • Develop the Hong Kong secure application coding guideline and application security scanning process in comply with Corporate or Regional standards
  • The scope of work including developing secure coding guideline, recommending penetration test policy and source code review guideline to the client
  • Follow up and address the root cause of any system vulnerabilities or security incidents identified
• Formulation of HK IRM Plan and solutions in order to ensure that the IRM development and implementation are effective, and in comply with the Asia divisional strategies and local regulations
• Perform and validate Information Risk Assessment, participate in due diligence on vendor selection process, for local and other Asia countries
• Report HK IRM risk and performance, the posture and exposures
• Perform logical access regular assessment for HKIS
• Coordinate HK security activities, including but not limited to application security scanning and penetration test, information risk awareness and readiness for HKIS
• Participles in HK governance support the implementation of IRM program objectives, collaborate with IT infrastructure service for IRM project delivery assurance
• Incident management, collaborate with IRM for establishing communication, response & handling in the event of HK information risk and incident

Experiences and Qualifications:
• University graduate with minimum 10 years solid experience in Information Risk and Security Management in which at least 5 years of progressively responsible experience performing application security assessments
• Holder of Professional Certificate CISSP, CISA and or CISM. CBCP, PMP would be an advantage
  • Experience of performing penetration tests, vulnerability assessments and infrastructure security reviews for web applications and their supporting network infrastructure; and performing secure coding review
  • Hands-on experience with HP Fortify and WebInspect
  • Experience of development, architecting, and implementing of IT security solutions, with focus on application security aspects
  • Experience of digital security methodologies and deployments
  • Knowledge of the latest technology development would be a plus
  • Experienced in secure application coding and application security scanning
  • An individual who is motivated and able to work independently, with minimal supervision
  • A team player who is able to interact with other control functions on project delivery

Core Competencies and Skills:
• Proficient in English, spoken and written
• High integrity and professional work practice
• Good analytical, teamwork capability and able to work independently
• Good interpersonal communication, management and presentation skills
• Project Management and, Incident and Problem Management

If you are ready to unleash your potential, it's time to start your career with Manulife/John Hancock.

About Manulife
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of December 31, 2018, we had over $1.1 trillion (US$794 billion) in assets under management and administration, and in the previous 12 months we made $29.0 billion in payments to our customers.

Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Manulife is committed to supporting a culture of diversity and accessibility across the organization. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.