information risk assessment Manager, asia information risk assessment and practicesThe Manufacturers Life Insurance Co (Phils) Inc( Manulife Philippines )

Job Description
We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.
Working Arrangement
Hybrid
Job Description
The Opportunity
This position reports directly to the Asia Information Risk Assessment Lead and Regional Office Security Officer. This is a key role within the
Asia IT Control & Governance function.
The function sits within Manulife's line 1b of defense - where we align with leadership to set the risk culture, support IT in identifying and mitigating risks at scale, and provide a common view and narra tive of key risks to enable business discussions. We help business units to ensure uninterrupted BAU on a day-to-day basis by effectively managing their information and operational risks. To achieve this, we need to ensure success in maintaining internal controls and liaison with Manulife's line 2 of defense that owns Manulife control policies and standards.
The goal of this position is to support regional project teams understand and effectively manage their information security and technology risks, support the deployment of the Business Unit Security Officer (BUSO) target operating model (including standardized and effective ways of working, operationalizing and automating recurring tasks).
What motivates you
You obsess about customers, listen, engage and act for their benefit
You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes
You thrive in teams, and enjoy getting things done together
You take ownership and build solutions, focusing on what matters
You do what is right, work with integrity and speak up
You share your humanity, helping us build a diverse and inclusive work environment for everyone
We are looking for someone with:
University graduate with minimum 5 years of experience or more of related technology risk, audit, or information security experience
Hands on experience conducting information risk assessments
Past experience in Regional role and/or as a Business Unit Security Officer is advantageous
Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment.
Professional certification or designation in information security (e.g., CISA, CISSP, CISM) would be added advantage
Strong stakeholder and people management skills able to effectively articulate technical vision, possibilities, and outcomes through strong verbal and written communication
Strong technology background and risk management sense and how they can impact the business
Knowledge of latest technology development and financial services / insurance business an advantage
Good analytical, teamwork capability and able to work independently
Good interpersonal communication, management and presentation skills
A team player who is able to interact with other control functions on project delivery
Proficient in English, both verbal and written, proficiency in other Asian language would be a plus.
On the job you will:
Perform information risk assessments for regional programs including providing practical guidance on risks mitigation strategies and ensuring prompt execution of remediation actions
Support the development of the framework for the execution of project risk assessment from a technical security and information risk management perspective (includes risk identification based on information criticality through to control implementation and management of risk acceptance by business areas). This involves executing the following: playbooks, training programs, quality assurance plans, standardized reporting, and mechanisms to share best practices
Perform review of project risk assessments completed by accessors from Asian countries to promote consistent risk assessment methodologies, standards and other company-wide initiatives, and provide guidance on risks mitigation strategies and ensure prompt execution of remediation actions Engage security subject matter experts to provide additional specialized support to project teams, as needed
Liaise with 2nd Line of Defense to ensure understanding and compliance with policies and standards, and support assurance review conducted by 2nd Line for Defense
Assist program teams countries in preparing and maintaining the schedule of risk mitigation action plans and commitments
Support program teams on ad-hoc risk and controls related tasks as and when required
Support Asia Regional Office Security Office to provide day-to-day guidance on security practice, manage security incidents, access service requests that have a security impact etc.
Contribute to regional and global information security and controls governance initiatives, as needed. Ensure segment-specific requirements and needs are accommodated whenever possible and practical in initiatives, projects and services, and share with country teams for country deployment
Support management of security/technology incidents and/or compliance breaches. Covering the entire incident lifecycle, from identification and containment to root cause analysis and trending analysis.
Support deployment of the BUSO Center of Excellence team. Including providing services to markets for tasks that do not require local presence and/or knowledge (e.g. security approvals, execution of processes that are global or operational in nature).
Our commitment to you
Our mission to be a part of making Decisions Easier and Lives Better
A leadership team dedicated to your growth and success
A bold ambition and set of goals to be a leader in driving transformation in our industry
Our best. Every day.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as MFC on the Toronto, New York, and the Philippine stock exchanges, and under 945 in Hong Kong.
Manulife is an Equal Opportunity Employer