Information Risk Management Lead

We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.

**Working Arrangement**

Hybrid

**The Opportunity**

This position will be assisting the Chief Risk Officer in the managing of Information and Technology Risk Management for Manulife Insurance Berhad in alignment with the mandates and objectives from Global/Asia Information Risk Management (IRM) and regulatory requirements, as well as ensuring the company is compliant with the standards and guidelines of BNM Risk Management in Information Technology (RMIT) policy document.

**What motivates you?**
- You obsess about customers, listen, engage and act for their benefit
- You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes
- You thrive in teams, and enjoy getting things done together
- You take ownership and build solutions, focusing on what matters
- You do what is right, work with integrity and speak up
- You share your humanity, helping us build a diverse and inclusive work environment for everyone

**We are looking for someone with**:

- Holds a bachelor’s degree in Information Technology (IT) or Information Security (IS)
- 5 years’ experience in IRM / Information Security related roles within the financial industry
- Excellent technical skills in Technology Risk Management (TRM) and Information Security Management (ISM)
- Excellent communication skills
- Appreciation of different cultures
- Professional certificate holder - CISSP, CRISC, CISA, CSSLP, or CISM and/or others
- Experience in the following will be added advantage -Information Risk Assessment, IT/IS security controls review and Business continuity and disaster recovery

**On the job you will**:

- Participate in governance of information risk management as 2nd Line oversight function to support the implementation of internal risk framework, practices, and controls.
- Perform the 2nd Line IRM oversight on the Technology RCSA program, issues and the associated corrective action plan, and incidents.
- Keep apprised of current and emerging risks which could potentially affect the company’s risk profile.
- Provide guidance and support on implementation of global technology initiatives.
- Provide advisory and guidance on local information, cybersecurity and technology operational activities and regulatory risk to business.
- Work closely with Asia IRM to ensure IRM assessment/s is/are aligned with Manulife Global Standards.
- Work closely with local IT Governance to ensure holistic incident management, ensuring adequate communication, response and handling in the event of information/security risk incident/s and report to the management and regulator, if required.
- Work closely with relevant stakeholders to assess privacy incidents, Data Leak Prevention (DLP) cases etc. and escalate to the management and regulator, if required.
- Assume the Chief Information Security Officer (CISO) role and responsible for the technology risk management function of the financial institution and ensuring the company is compliant with BNM Risk Management in Information Technology (RMIT) policy document.
- Advise on critical technology projects and ensuring critical issues that may have an impact on the company’s risk tolerance are adequately deliberated or escalated in a timely manner.
- Provide independent views to the board and senior management on third party assessments per RMIT and deliberate the outcome to the Board.
- Conduct 2nd line review of cloud risk assessment of initiatives/projects involving cloud adoption and consider key risks and control measures (specified in RMIT Appendix 10) for BNM review and consultation sessions.
- Perform periodic gap analysis of existing practices in managing technology risk against RMIT requirements and highlight key implementation gaps and ensure the company maintains continuous compliance.
- Responsible for ensuring the company’s information assets and technologies are adequately protected, which includes formulating appropriate policies for the effective implementation of TRMF and CRF, enforcing compliance with these policies, frameworks, and other technology-related regulatory requirements; and advising senior management on technology risk and security matters, including developments in the financial institution’s technology security risk profile in relation to its business and operations.

**What can we offer you?**
- A competitive salary and benefits packages.
- A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new sk