Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
The Senior Consultant, Information Risk Management in Singapore will act as a subject matter expert who assists divisional business partners and IT colleagues to identify, quantify and manage their information and technology risks from a confidentiality, integrity, availability and regulatory compliance perspective.
You will help shape IT and vendor-related engagements or projects in Singapore from a technology security and information protection perspective by ensuring that security and system recovery considerations are embedded.
Your job responsibilities will include:
- Information Security and Information Protection
- Risk & Control Assessments
- Vendor Risk Management
- IS Audit and Compliance Support
- Business Continuity and Disaster Recovery Management
- Managing IT Audits and facing up to auditors and regulators
- Manage the IRM process and framework
- Feed into various Risk reports and adhere to regional and global risk process and reports
- Perform Information Risk Assessments for various projects and initiatives
- Keep yourself and the IT and business abreast with the latest IRM and Security incidents, vulnerabilities and trends and plan appropriate defensive and mitigation actions
- Lead information security, technology risk and business continuity program activities, including implementing controls and facilitating information and vendor risk assessments.
- Provide information security, system recovery and regulatory compliance consulting services to business and IT partners to mitigate their risks to an acceptable level.
- Lead / support technical project risk assessments from an information risk management perspective, including risk identification based on information criticality through to control implementation and the management of risk acceptance by business areas.
- Assess current and potential vendors (e.g., software, hosting environments) from a technical security and information risk management perspective. You’ll work with partners like vendor management, architecture, legal, and compliance to safeguard information assets with the right level of protection.
- Support operational information risk activities including providing local oversight of security processes for incident/crisis management, access management, vulnerability and patch management, as well as operational processes for business continuity and disaster recovery.
- Coordinate IT audits conducted by Audit Services, regulators, clients and third-party auditors. Help in drafting responses and remediation plans. Ensure evidence is collected and shared in a timely fashion and all outstanding issues are closed as committed. Manage third-party IT audit engagements as required.
- Lead project risk assessments from a technical security and information risk management perspective (includes risk identification based on information criticality through to control implementation and management of risk acceptance by business areas).
- Support security program activities like performing/facilitating application security assessments (e.g., penetration tests), and providing application security consulting services to IT and other relevant partners and clients. You’ll identify vulnerabilities and work with information owners and other stakeholder groups to ensure that together, we respond to their risks appropriately.
- Be part of an active team who remains current on emerging risks and technologies, key developments and strategies for the businesses we support. Keep abreast of new thoughts, tools and approaches within the IRM discipline. Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and IRM.
- Collaborate with other IRM professionals including the Director of Information Security Management, the Director of Technology Risk Management, the Director of Business Continuity Management, the Divisional Information Risk Officer and other IRM professionals across Manulife globally.
- Contribute and participate in divisional and global IRM projects and initiatives as requested. Ensure business-specific requirements and needs tied to Asia are accommodated whenever possible and practical in initiatives, projects and services. Additional duties as assigned.
- Five years or more of progressive information risk management experience in one or more disciplines: project/vendor risk assessment, network security, infrastructure/platform security, data/application security, vulnerability/patch management, IT auditing, IT risk and control assessments, and business continuity/disaster recovery planning.
- Professional certification or designation in information security, IT auditing, business continuity and/or disaster recovery a plus, but not a requirement.
- University Degree (Computer Science, Business or Finance preferred, but not required).
- Excellent communication skills in English (oral and written) including presentation skills with demonstrated ability to present at all organizational levels.
- Ability to work independently and as part of a team, managing multiple priorities within tight deadlines.
- Innovative problem solving skills with proven ability to exercise flexibility and judgment.
- Ability to learn, know and act upon what is important to Manulife and the specific business units you support.
- Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
- Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
- Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment.
Manulife Financial Corporation is a leading international financial services group that helps people achieve their dreams and aspirations by putting customers' needs first and providing the right advice and solutions. We operate as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2016, we had approximately 35,000 employees, 70,000 agents, and thousands of distribution partners, serving more than 22 million customers. At the end of 2016, we had $977 billion (US$728 billion) in assets under management and administration, and in the previous 12 months we made almost $26 billion in payments to our customers.
Our principal operations are in Asia, Canada and the United States where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.
Manulife is committed to supporting a culture of diversity and accessibility across the organization. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.