Associate Director - Information Risk Management (Security Architect)

  • Competitive
  • Hong Kong Hong Kong Hong Kong HK
  • CDI, Plein-temps
  • Manulife Hong Kong
  • 17 juil. 18 2018-07-17

Associate Director - Information Risk Management (Security Architect)

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Overview:

This role will participate in key projects and initiatives ensuring information risk is always considered and managed. He/she will join a vibrant and global information risk management practice and team that works hard to enable and facilitate business while protecting our people and key information assets located in eleven countries. This multi-discipline team pulls together a number of specialties forging strong ties between:

  • Information Security Management
  • Technology Risk Management
  • Strategic Planning, Services Integration & Information Protection
  • Business Continuity Management

  • Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses and risk assessments; studying architecture/platform; identifying integration issues.
  • Plans, research and design robust security architectures.
  • Deep technical understanding of and experience with security technologies including, but not limited to, single sign-on, active directory, multi-factor authentication, public key infrastructures, certification authorities, virtualization, privilege account management, web services, cryptographic, key management, intrusion detection/prevention, event correlation, antivirus, policy enforcement, security patch management, proxy controls, etc.
  • Lead/drive integration of new technologies, migration implementations, and major upgrades. Anticipates technical evolutions; designs and builds durable architectures.
  • Reducing information risk exposures by introducing a robust enterprise information risk management framework and supporting infrastructure for proactively identifying, managing, monitoring and reporting on critical information risk exposures.
  • Leverage GRC systems to comment on draft standards, track compliance to in-force standards and policies, monitor risk exceptions and acceptances, report on vendor assessments, follow and confirm compliance to regulations, etc.
  • Provide advisory and recommendation based on the add-value analysis on IT deficiencies from Audit and Risk Acceptance reports.
  • Collaborate with other IRM teams and professionals from Asia Technology Office, Business Units, Global Infrastructure Service, Divisional Information Risk Officer, Compliance, Audit Services, and peer Information Security Management leads across Manulife globally.
  • Contribute and shape divisional and global ISM projects and initiatives. Ensure division-specific requirements and needs are accommodated whenever possible and practical in initiatives, projects and services.
  • Provide advisory to business units in Divisions around current and emerging technology risks and their impact to the company's information risk profile.

  • University Degree with 12 years or more of progressive experience (wherein minimum 8 year of International working experience) in one or more of the following disciplines: Infrastructure/Application/Network, Information Risk Management, Audits, ITIL/COBIT frameworks, Security Solutions ideally with some of that time spent in a large/complex organization.
  • Practices and methods of IT strategy, enterprise architecture and security architecture.
  • Excellent communication skills including presentation skills and demonstrated ability to present at all organizational levels.
  • Data/information analysis and innovative problem solving skills with the proven ability to exercise flexibility and judgment.
  • Ability to learn, know and act upon what's important to Manulife and business units.
  • Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
  • Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
  • Ability to work independently and collaboratively simultaneously, while managing multiple priorities within tight deadlines.
  • Process and results oriented, proactive, innovative and self-motivated.
  • Demonstrated strong understanding of technology, IT risk/compliance management processes and methodologies.
  • Security Certifications: CISM, CISSP and/or CISA, or designations in security, IT auditing is a plus, but not mandatory.

About Manulife

Manulife Financial Corporation is a leading international financial services group that helps people achieve their dreams and aspirations by putting customers' needs first and providing the right advice and solutions. We operate as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2016, we had approximately 35,000 employees, 70,000 agents, and thousands of distribution partners, serving more than 22 million customers. At the end of 2016, we had $977 billion (US$728 billion) in assets under management and administration, and in the previous 12 months we made almost $26 billion in payments to our customers.

Our principal operations are in Asia, Canada and the United States where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Manulife is committed to supporting a culture of diversity and accessibility across the organization. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.