Information Risk Management Senior Specialist

Posted:
9/3/2024, 7:07:07 PM

Location(s):
Ho Chi Minh City, Vietnam

Experience Level(s):
Senior

Field(s):
IT & Security

On the job you will: 

The individual is responsible for supporting the IT Control and Governance (ITCG) Lead in alignment with Manulife information risk management programs and other mandates from Country, Asia segment and Global ITCG.  

As an IRM specialist, the individual shall liaise with key stakeholders from Country Information Services, Business Units, Risk and Compliance, Asia ITCG and Center of Excellence teams to ensure IRM control objectives are met, as well as maintaining the resilience and a healthy security posture for Manulife Vietnam.

Key Result Areas:

  • Main point of contact from Vietnam Information Services for internal and external audits and assessments. Coordinate audit activities with Information Services teams and ensure the timely reporting and remediation of audit findings.
  • Country response unit for information security incidents. Liaise with Security Operation Centers, Global Incident Response, and other country stakeholders to ensure security incidents are appropriately resolved and reported.
  • Coordinate country local security activities, including but not limited to application security scanning and penetration test, logical access reviews, information risk awareness and readiness for the Business Units.
  • Supports ongoing management of application security vulnerabilities through a centralized vulnerability tracking system and defect tracking system.
  • Support ITCG Lead to oversee the participation of Information Services in the company Business Continuity Management program. Work with Information Services teams and Application owners to conduct Disaster Recovery exercises for business applications.
  • Drives execution of the IT Risk and Controls Self Assessment Program (RCSA) processes for applications, infrastructure, and processes.
  • Assists in the development of application security components throughout all stages of the Software Development Life Cycle (SDLC). Participate in the Change Advisory Board to ensure security governance over system changes.
  • Assist to prepare management reports for local risk profiles and appetites, IRM performance metrics, risk exposures, open IRM issues and corrective action plans.
  • Assist ITCG Lead in providing advisory and security recommendations to Vietnam Information Services and Business units. Ensure compliance with the requirements from IRM policies and guidelines throughout projects delivery.
  • Assist ITCG Lead to perform and validate Information and Vendor Risk Assessment, participate in due diligence on vendor selection process, identify potential risk and provide guidance of risk mitigation and acceptance process.
  • Supports policy maker in the development, implementation, and maintenance of cybersecurity governance frameworks, policies, and procedures aligned with industry standards and local and international regulatory requirements.
  • Other IRM tasks as assigned by ITCG Lead.


What motivates you? 

  • You obsess about customers, listen, engage, and act for their benefit
  • You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes
  • You thrive in teams, and enjoy getting things done together
  • You take ownership and build solutions, focusing on what matters
  • You do what is right, work with integrity and speak up
  • You share your humanity, helping us build a diverse and inclusive work environment for everyone 


What motivates you?

  • You obsess about customers, listen, engage and act for their benefit.
  • You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.
  • You thrive in teams and enjoy getting things done together.
  • You take ownership and build solutions, focusing on what matters.
  • You do what is right, work with integrity and speak up.
  • You share your humanity, helping us build a diverse and inclusive work environment for everyone.

What We Are Looking For

Experiences and Qualifications:

  • University graduate with minimum 3 years solid experience in IT governance and IT Security Management gained in financial industry preferable.
  • Experience in information risk, IT audit and compliance.
  • Hold on security certificate is a plus.
  • Auditing / Consulting background is a plus

Core Competencies and Skills:

  • Proficient in English, spoken and written.
  • Having high integrity and professional work practice.
  • Appreciation of peoples and cultures of different countries.
  • Good analytical, teamwork capability and able to work independently.
  • Good interpersonal communication, management and presentation skills.
  • Good audit skills and techniques

What Can We Offer You

  • A competitive salary and benefits packages.
  • A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.
  • A focus on growing your career path with us.
  • Flexible work policies and strong work-life balance.
  • Professional development and leadership opportunities.

Our commitment to you

  • Values-first culture We lead with our Values every day and bring them to life together.
  • Boundless opportunity We create opportunities to learn and grow at every stage of your career.
  • Continuous innovation We invite you to help redefine the future of financial services.
  • Delivering the promise of Diversity, Equity and Inclusion We foster an inclusive workplace where everyone thrives.
  • Championing Corporate Citizenship We build a business that benefits all stakeholders and has a positive social and environmental impact.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].

Working Arrangement

In Office