Senior Manager, Information Assurance
- Hong Kong
- Permanent, Full time
- Manulife Hong Kong
- 19 May 19
Senior Manager, Information Assurance
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
The Global Information Risk Management, Group Functions Assurance team is actively searching for an experienced Senior Manager, Information Assurance
This is a 2nd line of defense Information Risk Management role. The incumbent will assist the Director by managing relationships within different service areas in Group Functions and Enterprise Technology & Services (ETS) to support information assurance program, which will include key focus on areas such as information, technology, continuity and regulatory risks and controls. This will involve collaboration and partnership with 1st line of defense IT Governance, IT Teams, ORM (Operational Risk Management), Global Compliance, 2nd line Controls Assurance team and 2nd line Center of Excellence teams.
The incumbent will be part of a team which will work with different service areas within Group Functions and ETS to understand changes occurring both at the value stream and initiative level related to the products, capabilities and services which those service areas manage. This insight and understanding will inform the 2nd line Controls Assurance team of any updates required to narratives and controls documentation helping to feed into the continuous improvement of the information assurance program. In addition, this role will have an understanding within the service areas they support of the risks and risk treatment, risk rate and risk assess control assurance testing failures, review and assess control exception requests, and perform independent 2nd line risk review of IS-related "Significant" Programs and Projects.
You'll be part of the wider IRM and Group Risk community. You'll join a world-class company known for its commitment to diversity, community involvement and work-life balance via the WorkSmart program that sees 20% of Manulife's North American employees working from home.
As a Senior Manager, Information Assurance, you will be working with specific service areas within Group Functions and ETS with the following responsibilities:
- Meet with assigned Service Area owners on a regular basis to review changes to products, capabilities & services, risks and their associated risk treatment plans.
- Provide reporting to Service Area owners and 2nd Line leadership which will outline assurance statements and control deficiencies in a way that fosters collaboration and continuous improvement.
- Build a wide understanding of products, capabilities and services for the specific supported service areas which will include key focus on areas such as information, technology, continuity and regulatory risks and controls.
- Collaborate with 2nd Line Segment Controls Assurance team on the creation and review of narratives, control documentation and control design.
- Collaborate with 2nd Line Segment Controls Assurance team on the prioritization of controls testing activities to focus on the high-risk areas.
- Assist with evidence gathering as necessary and promotion of standardized and scalable evidence gathering processes with 1st Line teams.
- Conduct risk review and root cause analysis of control testing failures in collaboration with 1st line teams.
- Conduct risk review as necessary for control exception requests in collaboration with 1st line teams.
- Identify control failures through review of Incidents in collaboration with 1st line teams.
- Identify control failures through review of Key Risk Indicators in collaboration with 1st line teams.
- Execute 2nd Line Information Risk challenge activities for Significant Projects & Vendors including independent assessment and review of 1st Line risk assessment work.
- Execute 2nd Line Top Down Risk and Control Assessment with supported service areas.
- Take on additional responsibilities as necessary.
- 5 years or more of progressive information risk management experience in one or more disciplines: project/vendor risk assessment, network security, infrastructure/platform security, data/application security, vulnerability/patch management, IT auditing, IT risk and control assessments, and business continuity/disaster recovery planning.
- Professional certification or designation in information security, IT auditing, business continuity and/or disaster recovery a plus, but not a requirement.
- Post-secondary diploma or degree in computer science fields of study is preferred.
- Excellent communication skills (oral and written) including presentation skills with demonstrated ability to present at all organizational levels.
- Ability to work independently and as part of a team, managing multiple priorities across several service areas.
- Experience with FAIR or comparable quantitative risk management frameworks is a plus
- Innovative problem-solving skills with proven ability to exercise flexibility and judgement.
- Ability to learn, know and act upon what is important to Manulife and the specific service areas you support.
- Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
- Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
- Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment.
- Experience implementing and/or supporting a large-scale corporate enterprise solutions.
- Previous experience in the Financial, Insurance or Healthcare sectors considered an asset.
Work in tandem with multiple diverse and global groups simultaneously. Interpret and articulate the IRM standards, policies and goals in a way that engages the service areas to act, develop and implement plans. This may require influencing more senior levels within the organization. Able to deal with ambiguity especially when requirements are in flux and responsibility for delivery is shared among teams.
Position Dimensions (Organizational Impact):
Deliver Information Risk Management oversight practices and activities. Failure could potentially impact Manulife in achieving business goals and objectives, safeguarding its people and information assets, and continuing to meet the information risk management requirements of our clients, shareholders and regulators
This Position Description is intended to describe the general nature and level of the work being performed by employees in this job. It is not intended to be a complete list of all responsibilities, duties and skills required for this job classification.
If you are ready to unleash your potential, it's time to start your career with Manulife/John Hancock.
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of December 31, 2018, we had over $1.1 trillion (US$794 billion) in assets under management and administration, and in the previous 12 months we made $29.0 billion in payments to our customers.
Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.
Manulife is committed to supporting a culture of diversity and accessibility across the organization. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.