Technology Risk and Business Continuity Lead

Posted:
12/18/2024, 1:24:22 PM

Location(s):
Manila, Metro Manila, Philippines ⋅ Metro Manila, Philippines

Experience Level(s):
Senior

Field(s):
Business & Strategy ⋅ IT & Security

MediCard Phils., Inc. is one of the country's leading HMO and the only HMO founded and run by Doctors. Since its inception, the concept of service-oriented total health care has been the molding ideal of MediCard.  The competition is vast, and the benefits being offered by the competitors are tempting.  However, MEDICard has taken the lead in providing innovative and productive ideas that cut down the cost of health maintenance without compromising its quality.

MediCard now boasts of more than half a million members and over 54,000 accredited doctors in over 1,000 hospitals and clinics nationwide. It also operates 16 MediCard free-standing clinics that provide services at par with those offered by hospitals minus the confinement.

MediCard is currently looking for assertive, dynamic and energetic individuals to fill up the following vacancy:

The incumbent will acts as an expert advisor to management concerning risk involving or affecting technology, and ensures that technology risks are appropriately identified, measured, assessed and mitigated in the right priority.
The incumbent will also develop, implement, and lead the Company’s business continuity program in line with Group standards and local regulations.

Technology Risk Lead
Develop and lead security governance framework & risk portfolio, in accordance with AIA's IT control policies and guidelines.
Conduct gap analysis on various regulatory requirement and drive program to bridge the gap.
Lead and coordinate cyber security assessments and industry compliance assessments.
Define and supervise relevant KRls related to IT risks and provide regular update to Operational Risk Committee, and update Group Technology Risk when vital.
Partner with risk owners to drive the identification and assessment, management and response, monitoring, and controls of data and technology risks on key initiatives and projects
Serve as subject expert in examining Risk Papers of key projects.
Drive the establishment of operation processes for leading the life cycle of identity information; user access:, and privileged ID usage, protection of the critical data, cloud security, with the use of the state-of-the-art vendor solutions.
Partner with Group Office to evaluate new tech risk solutions and assess the implementation risk of the group-wide projects.
Interface and liaise with business key team members (e.g. HR1 PD, Customer Experience and Transformation1 Health &. Wellness Strategy Management etc.) to roll out new Technology Risk initiatives and uplift the security of the business applications.
Support the CRO and the Head of Tech Risk & BCM to explore and deliver new and secure IT solutions and evaluate new IT strategic partners.
 Lead the communications with Group Office, business partners, corporate clients and other external parties on IT security matters.
Develop plans to uplift the technology risk standard and resiliency across the organization.
Provide governance and support over IT security, cybersecurity and cloud security products and services, including but not limited to: identity and access management (l&AM), data loss protection (DLP), network security, end point and data loss protection, secure file exchanges and vulnerability management.
Supervise security incident response, handling and investigation process.
Business Continuity
Maintain the corporate wide business continuity program that addresses disaster recovery, business recovery and emergency response management
 Work with senior members of the Technology, Operations and Risk leadership teams to ensure that remediation plans are implemented and tracked accordingly.
Lead and support annual business recovery exercises, which may include Dedicated Recovery Sites (DRS), Remote Access, Alternate Office, and Work Transfer, depending on function and location
 Help the business functions to conduct periodic Business Impact Analysis, identify recovery requirements and work with the business continuity coordinators to develop and implement recovery plans in the event of a business disruption.
Identify opportunities for strategic improvement or mitigation of business interruption and other risks caused by business, regulatory, or industry-specific change initiatives.
Plan and coordinate all business continuity testing and exercises. Coordinate and facilitate regular, complete, and significant BCM tests and post-exercise reports.
 Work closely with IT, Operations, and other business units to develop/maintain DR plans for critical systems and applications and to ensure that internal recovery sites are updated and functioning properly. This includes reviewing business impact assessments reports and conducting challenge sessions to ensure appropriate tiering and Recovery Time Objective/Maximum Tolerable Period of Disruption levels are assigned.
Liaise with Business Continuity Coordinators to develop effective working relationships.
Liaise with contract owners and lead company's BCM readiness assessment for Third Parties.
Perform threat and risk assessment pertaining to Business Continuity to identify points of vulnerability, single points of failure and identify risk avoidance and mitigation strategies.
Assist in crisis management as BCM subject matter expert in the event of a business interruption.
 Provide regular status updates until closure to Group/ BU key stakeholders during the major incidents.
Develop and deliver appropriate BCM education and awareness programme
Develop regular BCM program status reports to Group and local management.
Analyze and report on implications of regulatory requirements and industry guidance on BCP/DR programs.

You must provide all requested information, including Personal Data, to be considered for this career opportunity. Failure to provide such information may influence the processing and outcome of your application. You are responsible for ensuring that the information you submit is accurate and up-to-date.