Information Risk Management (IRM) Lead

The Opportunity

This position will be assisting the Chief Risk Officer in the management of Information and Technology Risk Management for Manulife Insurance Berhad in alignment with the mandates and objectives from Global/Asia Information Risk Management (IRM) and regulatory requirements as well as ensuring the company is compliant with the standards and guidelines of BNM Risk Management in Information Technology (RMIT) policy document.

Position Responsibilities:

• Participate in governance of information risk management as 2nd Line oversight function to support the implementation of internal risk framework practices and controls.

• Perform the 2nd Line IRM oversight on the Technology RCSA program issues and the associated corrective action plan and incidents.

• Keep apprised of current and emerging risks which could potentially affect the companys risk profile.

• Provide guidance and support on implementation of global technology initiatives.

• Provide advisory and guidance on local information cybersecurity and technology operational activities and regulatory risk to business.

• Work closely with Asia IRM to ensure IRM assessment/s is/are aligned with Manulife Global Standards.

• Work closely with local IT Governance to ensure holistic incident management ensuring adequate communication response and handling in the event of information/security risk incident/s and report to the management and regulator if required.

• Work closely with relevant stakeholders to assess privacy incidents Data Leak Prevention (DLP) cases etc. and escalate to the management and regulator if required.

• Assume the Chief Information Security Officer (CISO) role and responsible for the technology risk management function of the financial institution and ensuring the company is compliant with BNM Risk Management in Information Technology (RMIT) policy document.

• Advise on critical technology projects and ensuring critical issues that may have an impact on the companys risk tolerance are adequately deliberated or escalated in a timely manner.

• Provide independent views to the board and senior management on third party assessments per RMIT and deliberate the outcome to the Board.

• Conduct 2nd line review of cloud risk assessment of initiatives/projects involving cloud adoption and consider key risks and control measures (specified in RMIT Appendix 10) for BNM review and consultation sessions.

• Perform periodic gap analysis of existing practices in managing technology risk against RMIT requirements and highlight key implementation gaps and ensure the company maintains continuous compliance.

• Responsible for ensuring the companys information assets and technologies are adequately protected which includes formulating appropriate policies for the effective implementation of TRMF and CRF enforcing compliance with these policies frameworks and other technology-related regulatory requirements; and advising senior management on technology risk and security matters including developments in the financial institutions technology security risk profile in relation to its business and operations.

Required Qualifications:

• Holds a bachelors degree in Information Technology (IT) or Information Security (IS)

• 5 years experience in IRM / Information Security related roles within the financial industry

• Excellent technical skills in Technology Risk Management (TRM) and Information Security Management (ISM)

• Excellent communication skills

• Appreciation of different cultures

• Professional certificate holder CISSP CRISC CISA CSSLP or CISM and/or others

• Experience in the following will be added advantage -Information Risk Assessment IT/IS security controls review and Business continuity and disaster recovery

When you join our team:

• Well empower you to learn and grow the career you want.

• Well recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team well support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer

At Manulife/John Hancock we embrace our diversity. We strive to attract develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment retention advancement and compensation and we administer all of our practices and programs without discrimination on the basis of race ancestry place of origin colour ethnic origin citizenship religion or religious beliefs creed sex (including pregnancy and pregnancy-related conditions) sexual orientation genetic characteristics veteran status gender identity gender expression age marital status family status disability or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .