Director - Technology Risk Management, Asia Information Risk Management (AIRM)
Manila, Manulife Business Processing Services, Philippines
Manulife
Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.
Position Responsibilities:
Oversight and challenge: Conduct objective oversight and challenge for MITDC operations in the areas of Business Continuity Management, Change Risk (tech changes, initiatives, changes which have a tech component, issues and control action plans)
Related Regulations and Law: Create and maintain an inventory of Asia regulations. Develop and implement a process to identify new regulations and changes in existing regulations, in order to trigger a gap analysis against Manulife policies and standards.
Related Regulations and Law: Develop process for mapping/gap analysis of regulations and laws against Manulife policies and standards, conduct, document and maintain mapping exercise.
Regulatory engagement: Support regulatory engagements and examinations. Analyze regulatory RFIs, participate in forums to develop responses and gather evidence. Build an inventory of common responses for regulator engagements and examinations.
IRM Policies and Standards: Act as point person for IRM policies and standards, communicate and distribute, socialize IRM policies and standards to stakeholders. Seek feedback and rationalize feedback received. Act as subject matter expert, provide context and interpretation of the standards.
IRM Policies and Standards: Participate in content drafting panel for TRM related policies and standards.
Risk and Control Self Assessments (RCSA): Perform oversight and challenge on technology RCSA and business RCSA with tech components, monitor results of RCSA, ensure appropriate issues and control action plans (CAPs) in GRC platform are reported for any gaps.
Resource Management: Maintain book of resources to document IRM BAU and BoW activities. Identify opportunities for alignment and improvements in IRM methodologies, processes and guidelines.
Employee Engagement: Promote and advocate for employee engagement of the Asia IRM team, develop engagement plans and activities.
Resource Management: Develop and maintain a plan for resource management, work with the team to establish an inventory of resources including activities, processes and guidelines.
Risk & Information Protection Awareness: Produce awareness materials and organize security awareness events for Asia, produce metric reporting on security awareness programs such as phishing, secure code training etc.
Team Efficiency and Effectiveness: Measure performance and identify improvement opportunities by conducting an annual stakeholder survey, analyze and present feedback and facilitate discussions to brainstorm solutions. Host team meetings such as monthly team meetings, collaboration forums etc.
This job description is not a comprehensive listing of all job duties required for this role. We reserve the right to change these duties or assign additional duties at any time with or without notice.
Required Qualifications:
At least five (5) years of experience in a similar capacity, focusing on technology risk management, information security and cyber security
Prior experience in information security, technology risk, business continuity and disaster recovery, audit/regulatory exams and third-party information risk would be a plus
Preferred Qualifications:
Professional certificate holder – CISSP, CRISC, CISA, CSSLP, or CISM would be an advantage
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.
Working Arrangement
Hybrid
Tags: CISA CISM CISSP CRISC CSSLP Risk management
Perks/benefits: Flex hours Team events