- Information Security Management
- Technology Risk Management
- Strategic Planning, Services Integration & Information Protection
- Business Continuity Management
- Determines security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues.
- Plans, researches and designs robust security architectures.
- Deep technical understanding of and experience with security technologies including, but not limited to, single sign-on, Active Directory, multi-factor authentication, public key infrastructures, certification authorities, virtualization, privileged account management, web services, cryptography, key management, intrusion detection/prevention, event correlation, firewall, antivirus, anti-spam, policy enforcement, patch/configuration management, application whitelisting, etc.
- Leads/coordinates integration of new technologies, migration implementations, and major upgrades. Anticipates technical evolutions; designs and builds durable architectures.
- Reducing information risk exposures by introducing a robust enterprise information risk management framework and supporting infrastructure for proactively identifying, managing, monitoring and reporting on critical information risk exposures.
- Leverage GRC systems to comment on draft standards, track compliance to in-force standards and policies, monitor risk exceptions and acceptances, report on vendor assessments, follow and confirm compliance to regulations, etc.
- Provide advice and recommendations based on value-add analysis of IT deficiencies from Audit and Risk Acceptance reports.
- Collaborate with other IRM teams and professionals from Asia Technology Office, Business Units, Global Infrastructure Service, Divisional Information Risk Officer, Compliance, Audit Services, and peer Information Security Management leads across Manulife globally.
- Contribute to and shape divisional and global ISM projects and initiatives. Ensure division-specific requirements and needs are accommodated whenever possible and practical in initiatives, projects and services.
- Provide advice to business units in Divisions on current and emerging technology risks and their impact on the company’s information risk profile.
- University Degree with 10+ years of progressive experience in one or more of the following disciplines: Information Technology/Application/Platform/Network, Information Risk Management, Audits, ITIL/COBIT frameworks, Security Solutions ideally with some of that time spent in a large and complex organization.
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Professional certifications or designations in security or IT auditing are a plus, but not a requirement.
- Security Certifications: CISM, CISSP and/or CISA, but not mandatory
- Excellent communication skills (oral and written) including presentation skills and demonstrated ability to present at all organizational levels.
- Innovative problem solving skills with the proven ability to exercise flexibility and judgment.
- Ability to learn, know and act upon what’s important to Manulife and business units.
- Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
- Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
- Ability to work independently and collaboratively simultaneously, while managing multiple priorities within tight deadlines.
- Process and results oriented.
- Proactive, innovative, self-motivated and able to work independently
- Proven ability to multi-task, manage and work on tasks concurrently
- Good interpersonal communication, management and presentation skills