Technology and Third-Party Risk Management Manager
Hong Kong, Manulife Financial Centre
Manulife
Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.
The Technology Risk and Third-Party Risk Management Manager will be responsible for overseeing and managing all aspects of outsourcing, cloud outsourcing, and third-party risk management within the organization. This role requires a deep understanding of regulatory compliance, risk management, and cloud computing technologies. The successful candidate will ensure that all outsourcing and third-party arrangements comply with relevant laws and regulations, mitigate associated risks, and maintain the confidentiality, integrity, and availability of data.
Position Responsibilities:
Facilitate the development, implementation, and maintenance of an outsourcing and vendor management governance framework, along with policies and procedures aligned with industry standards and regulatory requirements.
Ensure the Outsourcing Policy and Governance are properly followed while addressing Local/Group requirements from compliance, security, business continuity, finance, and tax standpoints with appropriate documentation in place.
Conduct comprehensive risk assessments and due diligence for outsourcing, cloud outsourcing, and third-party arrangements.
Develop and implement risk management frameworks and policies for traditional and cloud outsourcing, and third-party risk management.
Manage relationships with service providers and third parties, including vendor selection, contract negotiation, security clauses, and performance monitoring.
Ensure compliance with regulatory requirements, including OSFI B-10, OSFI E-21, GDPR, PDPO, etc.
Implement robust security controls and data protection measures, including SOC 2, ISO 27001, COBIT, and NIST frameworks.
Oversee business continuity planning and disaster recovery for outsourced and third-party services.
Conduct regular due diligence and reviews of outsourcing and third-party arrangements to ensure compliance and effectiveness.
Collaborate with response teams to ensure ongoing monitoring and effective governance of outsourcing arrangements.
Produce concise reports for management review regarding the status of outsourcing management.
Monitor and provide guidance to business units on controls and governance processes related to outsourcing requirements.
Recommend improvements to enhance company-wide awareness of outsourcing practices.
Stay updated with the latest trends and developments in outsourcing, cloud computing, and third-party risk management.
Required Qualifications:
Bachelor’s degree in Business Administration, Enterprise Risk Management, Corporate Administration and Governance, Computer Science, Information Technology, or a related field.
Minimum of 5 years of experience in outsourcing management, third-party risk management (TPRM), or technology risk, preferably in financial institutions or the insurance industry.
Preferred knowledge of regulatory requirements, particularly in outsourcing management. Regulatory bodies include Hong Kong Insurance Authority (IA), Mandatory Provident Fund Schemes Authority (MPFA), Monetary Authority of Macao (AMCM), and Office of the Superintendent of Financial Institutions (OSFI) in Canada.
Ability to work independently and manage multiple tasks concurrently.
Experience in reviewing legal documents, contract clauses, addendums, and Scope of Work (SoW).
Risk Management / Internal Controls / TPRM related accreditation would be desirable.
Proficiency in written and spoken English and Chinese languages. Capable of reading and writing in Simplified and Traditional Chinese.
Preferred Certification:
Certified Outsourcing Professional (COP)
Certified Outsourcing Management Professional (ISO37500)
Certified Third-Party Risk Management Professional (C3PRMP)
Certified Information Privacy Professional (CIPP)
Project Management Professional (PMP)
Certified Information Systems Security Professional (CISSP)
Certified Cloud Security Professional (CCSP)
Certificate of Business Continuity Institute (CBCI)
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.
Working Arrangement
Hybrid
Tags: CCSP CIPP CISSP Cloud COBIT Compliance Computer Science Finance GDPR Governance ISO 27001 Monitoring NIST NIST Frameworks Privacy Risk assessment Risk management SOC SOC 2 Vendor management
Perks/benefits: Career development Flex hours Insurance