Information Risk Management (IRM) Lead

The Opportunity

This position will be assisting the Chief Risk Officer in the management of Information and Technology Risk Management for Manulife Insurance Berhad in alignment with the mandates and objectives from Global/Asia Information Risk Management (IRM) and regulatory requirements, as well as ensuring the company is compliant with the standards and guidelines of BNM Risk Management in Information Technology (RMIT) policy document.

• Participate in governance of information risk management as 2nd Line oversight function to support the implementation of internal risk framework, practices, and controls.
• Perform the 2nd Line IRM oversight on the Technology RCSA program, issues and the associated corrective action plan, and incidents.
• Keep apprised of current and emerging risks which could potentially affect the company’s risk profile.
• Provide guidance and support on implementation of global technology initiatives.
• Provide advisory and guidance on local information, cybersecurity and technology operational activities and regulatory risk to business.
• Work closely with Asia IRM to ensure IRM assessment/s is/are aligned with Manulife Global Standards.
• Work closely with local IT Governance to ensure holistic incident management, ensuring adequate communication, response and handling in the event of information/security risk incident/s and report to the management and regulator, if required.
• Work closely with relevant stakeholders to assess privacy incidents, Data Leak Prevention (DLP) cases etc. and escalate to the management and regulator, if required.
• Assume the Chief Information Security Officer (CISO) role and responsible for the technology risk management function of the financial institution and ensuring the company is compliant with BNM Risk Management in Information Technology (RMIT) policy document.
• Advise on critical technology projects and ensuring critical issues that may have an impact on the company’s risk tolerance are adequately deliberated or escalated in a timely manner.
• Provide independent views to the board and senior management on third party assessments per RMIT and deliberate the outcome to the Board.
• Conduct 2nd line review of cloud risk assessment of initiatives/projects involving cloud adoption and consider key risks and control measures (specified in RMIT Appendix 10) for BNM review and consultation sessions.
• Perform periodic gap analysis of existing practices in managing technology risk against RMIT requirements and highlight key implementation gaps and ensure the company maintains continuous compliance.
• Responsible for ensuring the company’s information assets and technologies are adequately protected, which includes formulating appropriate policies for the effective implementation of TRMF and CRF, enforcing compliance with these policies, frameworks, and other technology-related regulatory requirements; and advising senior management on technology risk and security matters, including developments in the financial institution’s technology security risk profile in relation to its business and operations.

• Holds a bachelor’s degree in Information Technology (IT) or Information Security (IS)
• 5 years’ experience in IRM / Information Security related roles within the financial industry
• Excellent technical skills in Technology Risk Management (TRM) and Information Security Management (ISM)
• Excellent communication skills
• Appreciation of different cultures
• Professional certificate holder – CISSP, CRISC, CISA, CSSLP, or CISM and/or others
• Experience in the following will be added advantage - Information Risk Assessment, IT/IS security controls review and Business continuity and disaster recovery

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.

宏利金融公司是一家業界領先的國際金融服務商，致力於幫助人們實現「輕鬆投資理財，樂享豐盛人生」。若要進一步了解我們，請瀏覽 https://www.manulifeim.com/institutional/tw/en

在宏利／恒康，我們擁抱多元。我們致力於吸引、培養及挽留和所服務客戶同樣多元的員工，並從而營造包容的工作環境，接納文化和個體差異。我們矢志維持公平的招聘、挽留、晉升及薪酬制度，我們管理的所有實踐及項目不會因種族、血統、原籍地、膚色、族裔、國籍、宗教或宗教信仰、信仰、性別（包括懷孕及其相關情況）、性取向、遺伝特徵、退伍軍人身份、性別認同、性別表達、年齡、婚姻狀況、家庭狀況、殘疾或受適用法律保護的任何其他因素而區別對待。

我們的首要任務是消除障礙，為員工提供平等就業機會。人力資源部代表將盡力為應徵過程中提出要求的申請人提供合理協助。申請人要求提供協助所分享的信息將會按照適用法律及宏利／恒康政策儲存及使用。應徵過程中如需協助，請聯絡 recruitment@manulife.com。

混合式