Director, Country Information Risk Management Lead
- Hong Kong Hong Kong Hong Kong HK
- Permanent, Full time
- Manulife Hong Kong
- 17 Jul 18 2018-07-17
Director, Country Information Risk Management Lead
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
Country Information Risk Management Lead
The Country Information Risk Management Lead is responsible for country information risk management 'IRM' in alignment with the business mandates and objectives from Country IT and Ops, Asia division and Global IRM. The individual collaborate and liaise with Country stakeholders and Asia division IRM Center of Excellent CoE team, participles in country governance execute the practices, controls and resilience, and support the implementation of IRM program objectives. In addition, to represent country information risk initiatives, contributing build business case, standards, and framework, in order to success in satisfaction from country COO, CIO, business executives.
Key Result Areas:
- Execute Information Risk Management practices and controls
- Formulation of IRM Plan and solutions with various business units in order to ensure that the IRM development and implementation are effective, and in comply with Asia divisional and country strategies and local regulations
- Establish country information risk council, local risk profiles and appetites, advises country IRM risk and performance, Key Risk Indicators KRIs, posture and exposures, with executives and stakeholders, maintain up to date with IRM metric system
- Perform and validate Information and Vendor Risk Assessment, participate in due diligence on vendor selection process, identify potential risk and provide guidance of risk mitigation and acceptance process
- Point of contact for local country information risk management services, provide advisory and guidance on Information Risk and Security, Technology Risk and regulatory for information services and business
- Coordinate country local security activities, regional and global IRM program and project, including but not limited to application security, data loss prevention and logical access management, information risk awareness and readiness for the business
- Participles in country governance support the implementation of IRM program objectives, collaborate with Country IT infrastructure service for IRM project delivery assurance
- Closing any gap of information security / risk activities
- Understanding of local technology risk regulatory requirements, provides guidance
- Participate and directly engagement in local country regulators' reviews and exams, ensure compliance with the requirements including framework, guidelines & policies for IRM and IT. Maintain of local IT regulatory matrix
- Liaise with internal, external auditors, and regulatory agencies on risk and compliance reviews and exams. Guidance on IT audit planning and scope align with IT control objectives, oversee country audit issues addressed in a timely manner
- Support Asia divisional IRM budget and funding for local country, manage the budget and funding of Country Information Technology Security and Risk management, oversee programs manage the cost & schedule performance
- Information risk incident management, responsible for establishing communication, response & handling in the event of information risk and incident occurs
- Resilience, backup and support other country as requested
- University graduate with minimum 5 years solid experience in Information Risk and Security Management gained in financial industry
- Experience in IT Audit and Compliance with exposure in IT Application SDLC, Infrastructure and Operations
- Experience in regulatory engagement
- Holder of Professional Certificate CISSP, CISA and or CISM. CBCP, PMP would be an advantage
Core Competencies and Skills:
- Proficient in English, spoken and written
- Proficient in Japanese, spoken and written (for Japan only)
- High integrity and professional work practice
- Appreciation of peoples and cultures of different countries
- Good analytical, teamwork capability and able to work independently
- Good interpersonal communication, management and presentation skills
- Project Management and, Incident and Problem Management
Manulife Financial Corporation is a leading international financial services group that helps people achieve their dreams and aspirations by putting customers' needs first and providing the right advice and solutions. We operate as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2016, we had approximately 35,000 employees, 70,000 agents, and thousands of distribution partners, serving more than 22 million customers. At the end of 2016, we had $977 billion (US$728 billion) in assets under management and administration, and in the previous 12 months we made almost $26 billion in payments to our customers.
Our principal operations are in Asia, Canada and the United States where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.
Manulife is committed to supporting a culture of diversity and accessibility across the organization. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.