Information Risk Management

The Opportunity

This position will be assisting the Chief Risk Officer in the management of Information and Technology Risk Management for Manulife Insurance Berhad in alignment with the mandates and objectives from Global/Asia Information Risk Management (IRM) and regulatory requirements, as well as ensuring the company is compliant with the standards and guidelines of BNM Risk Management in Information Technology (RMIT) policy document.

Position Responsibilities:

• Participate in governance of information risk management as 2nd Line oversight function to support the implementation of internal risk framework, practices, and controls.

• Perform the 2nd Line IRM oversight on the Technology RCSA program, issues and the associated corrective action plan, and incidents.

• Keep apprised of current and emerging risks which could potentially affect the company's risk profile.

• Provide guidance and support on implementation of global technology initiatives.

• Provide advisory and guidance on local information, cybersecurity and technology operational activities and regulatory risk to business.

• Work closely with Asia IRM to ensure IRM assessment/s is/are aligned with Manulife Global Standards.

• Work closely with local IT Governance to ensure holistic incident management, ensuring adequate communication, response and handling in the event of information/security risk incident/s and report to the management and regulator, if required.

• Work closely with relevant stakeholders to assess privacy incidents, Data Leak Prevention (DLP) cases etc. and escalate to the management and regulator, if required.

• Assume the Chief Information Security Officer (CISO) role and responsible for the technology risk management function of the financial institution and ensuring the company is compliant with BNM Risk Management in Information Technology (RMIT) policy document.

• Advise on critical technology projects and ensuring critical issues that may have an impact on the company's risk tolerance are adequately deliberated or escalated in a timely manner.

• Provide independent views to the board and senior management on third party assessments per RMIT and deliberate the outcome to the Board.

• Conduct 2nd line review of cloud risk assessment of initiatives/projects involving cloud adoption and consider key risks and control measures (specified in RMIT Appendix 10) for BNM review and consultation sessions.

• Perform periodic gap analysis of existing practices in managing technology risk against RMIT requirements and highlight key implementation gaps and ensure the company maintains continuous compliance.

• Responsible for ensuring the company's information assets and technologies are adequately protected, which includes formulating appropriate policies for the effective implementation of TRMF and CRF, enforcing compliance with these policies, frameworks, and other technology-related regulatory requirements; and advising senior management on technology risk and security matters, including developments   in the financial institution's technology security risk profile in relation to its business and operations.  

Required Qualifications:

• Holds a bachelor's degree in Information Technology (IT) or Information Security (IS)

• 5 years' experience in IRM / Information Security related roles within the financial industry

• Excellent technical skills in Technology Risk Management (TRM) and Information Security Management (ISM)

• Excellent communication skills

• Appreciation of different cultures

• Professional certificate holder – CISSP, CRISC, CISA, CSSLP, or CISM and/or others

• Experience in the following will be added advantage -Information Risk Assessment, IT/IS security controls review and Business continuity and disaster recovery

When you join our team:

• We'll empower you to learn and grow the career you want.

• We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team, we'll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement