Senior Manager, Information Security

Myanmar, Kantharyar OfficeTower

Manulife

Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.

View all jobs at Manulife

Apply now Apply later

Job Posting Description 

 

Overview 

The Information Security Manager role sits in the first line of defense, is responsible for business units’ information risk management (IRM) services, in alignment with the mandates and objectives of Asia segment, as well as Globally. The individual will collaborate and liaise with Country Information Services, Business Units, Global CoE teams and Asia segment stakeholders, participates in countries’ governance structure to support the implementation of IRM strategy; and execute the practices and controls, as well as promote risk and security awareness for the successful implementation of the IRM strategy.  The role reports to Head of IT Services. 

 

Key Result Areas: 

  • Execute Information Risk Management/Information Security policies and standards and associated security controls especially in the Information Security Management ISM and Technology Risk Management TRM domains for the SEA region 

  • Conduct Information Risk Assessments and Vendor Risk Assessments, participate in due diligence on vendor selection process, identify potential risk, and provide guidance on risk mitigation and acceptance process 

  • Participate in IT projects and initiatives to bring proactive risk management focus into solutions,  assist in formulation IRM plan to ensure effective and consistent application of IRM policies and standards across all technology projects, systems and services, as well  as compliance to local Laws and Regulations 

  • Assist on formulation of risk mitigation plans and solutions in order to ensure compliance with Manulife’s standards, strategies and local regulations. 

  • Provide advisory and guidance on Information Risk, Technology Risk and Regulatory for information services and business 

  • Support and participate in security projects from our Global and Regional partners 

  • Assist in establishing information risk and security council, risk profiles and appetites, report on the business unit’s risk and performance,  posture and exposures, ensures up to date KPI/KRI metric, monitors and reports on current risk posture 

  • Coordinate security activities, including but not limited to application security scanning and penetration test, vulnerability management,  logical access regular assessment, information risk awareness and readiness for the market 

  • Review and understand technology risk regulatory requirements, provide advisory, ensure compliance with the requirements including framework, guidelines & policies for IRM and IT, maintain of local IT regulatory matrix 

  • Conduct gap analysis for changes to Company policies, standards and new or updated Regulatory requirements, provide advisory and guidance on developing action plans to address the gaps 

  • Liaison to internal, external auditors, and regulatory agencies on risk and compliance reviews and examinations, oversee audit issues, ensure issues are tracked and addressed in a timely manner 

  • Incident management, establish communication and escalations, response & handling in the event of an information risk or security incident, advice and guidance for immediate corrective actions. Participate in investigations and reporting. Review, advise  and monitor preventive actions 

  • Ensure controls are executed effectively, efficiently and consistently across SEA region, conduct quality control and tests on the controls, identify gaps, and devise and execute action plans to address any gaps found; to ensure deficiencies are remediated appropriately 

  • Report control gaps and remediation status to stakeholders 

  • Coordinate & collaborate from IT perspective for annual BCP activities such as call tree test, alternate site test, DR drill and live run test 

  • Act as the main focal point between IT and business to ensure mandatory BCP testing are conducted and reported to meet regulatory requirements 

  • Work with vendor and Manulife BCP Coordinator in the business unit during DR drill to ensure the drill is conducted as per Manulife BCP standard and business requirements. 

  • Ensure lessons learned in DR drill report will not reoccur in future 

 

Core Competencies and Skills: 

  • High integrity, adhering to principles, values and code of ethics 

  • Strong stakeholder management skills; able to effectively articulate technical vision, possibilities, and outcomes through strong verbal and written communication; 

  • Strong interpersonal skills, with ability to influence senior leaders and inspire and train more junior team members; 

  • Deep understanding of risks and how they can impact the business; 

  • Self-driven, able to meet objectives with a minimal amount of managerial oversight; 

  • Can distil complex issues into simple reports, solutions, and designs; 

  • Proficient in English, both verbal and written, proficiency in other Asian language is a plus. 

  • Excellent communication skills in both technical and non-technical areas 

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.

Working Arrangement

Hybrid
Apply now Apply later

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Job stats:  0  0  0
Category: Leadership Jobs

Tags: Application security Compliance Governance Risk assessment Risk management Strategy Vulnerability management

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.