Head of Security Risk Assessments & Advisory
Job Summary
The Head of Security Risk Assessment and Advisory provides regional leadership for all security assessment and advisory activities across Asia. The role leads the Cyber Assessment and Risk Evaluation team, the Future Oriented Risk and Cyber Evaluation team, and Cyber Advisory Services. Together, these teams deliver Information Risk Assessments, cloud and application security validations, emerging technology reviews, and advisory support for major technology and transformation initiatives.
The role is accountable for ensuring that assessment methodologies are applied consistently across markets, that assessments include the required technical depth, and that documentation meets enterprise expectations. The position also establishes sustainable in-region capability for hands-on evaluation of security tools, integrations, and automation patterns. This reduces ongoing dependency on North America for engineering-aligned assessments and strengthens Asia's ability to support cloud adoption, emerging technologies, and regional transformation programs such as AliCloud and Panda.
This is a senior leadership role within the Asia CISO organisation. It requires deep technical expertise, strong analytical capability, and the ability to guide stakeholders across a diverse set of markets, technologies, and regulatory environments.
Responsibilities:
1. Provide regional leadership for all security assessment activities, including Information Risk Assessments for applications, cloud services, infrastructure, and technology initiatives.
2. Oversee cloud and application security validation to ensure secure design, configuration, and alignment to enterprise security standards.
3. Lead the assessment of emerging and advanced technologies, including artificial intelligence, generative artificial intelligence, advanced cloud patterns, and modern integration architectures.
4. Establish and maintain consistent templates, methodologies, and documentation standards for assessment activities across Asia.
5. Provide advisory guidance on security requirements, secure design principles, risk treatment options, and regulatory considerations for transformation initiatives.
6. Build sustainable in-region, engineering-aligned capability for evaluating security tools, system integrations, and automation patterns, reducing reliance on North America for technical validation.
7. Produce clear and concise evaluation summaries, technical reports, and recommendations to support architecture decisions, solution selection, and investment planning.
8. Collaborate with regional security architects, global architecture teams, and global cybersecurity assessment functions to ensure alignment with enterprise patterns, architectural standards, and tooling expectations.
9. Support regulatory and audit requests by ensuring consistent and defensible assessment documentation is available.
Individual Accountabilities:
Accountability for the quality, depth, and consistency of all Information Risk Assessments delivered across Asia.
Lead the uplift and enhancement of assessment methodologies, templates, and technical evaluation standards to ensure they are applied consistently and with appropriate depth across Asia.
Prioritisation of assessment workloads and allocation of specialist resources for programs and markets.
Finalisation of recommendations for high-impact or high-risk technology initiatives.
Accountability for establishing and maturing in-region technical evaluation capability, including evaluation frameworks, evidence expectations, and reusable assessment artefacts.
Key Shared Accountabilities:
Partner with Country Cyber Leads (BUSOs) to ensure assessment outputs address local regulatory expectations and market-specific considerations.
Collaborate with Cyber Risk Management and Resiliency to ensure residual risks are documented consistently and incorporated into risk reporting and prioritisation.
Work with Security Engineering and Enablement, Security Architecture, and Cybersecurity Assessments to validate architectural patterns, control implementations, and secure development requirements.
Engage Cyber Program Delivery to align assessment delivery timelines with program and market milestones and support clear communication of risks and remediation expectations.
Maintain close collaboration with Global Cybersecurity Assessments on penetration testing and validation activities.
Knowledge/Skills/Competencies/Education:
Significant experience (typically 12 or more years) in cybersecurity, with strong emphasis on security assessments, cloud security, security architecture, or technical consulting.
Strong understanding of cloud security patterns, secure design principles, identity and access management, application security, and platform engineering.
Hands-on experience with technical evaluation of security tools, integrations, and automation patterns.
Ability to interpret and communicate complex technical risks to senior business and technology stakeholders.
Demonstrated ability to lead high-performing technical teams across multiple countries and collaborate effectively with diverse market stakeholders.
Experience supporting transformation programs, cloud migration initiatives, or implementation of enterprise security capabilities.
Professional certifications such as CISSP, CCSP, CCSK, or equivalent are preferred.
Fluency in spoken Mandarin is required.
When you join our team:
We'll empower you to learn and grow the career you want.
We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we'll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop, and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement, and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact .
Working Arrangement
Required Experience:
Director
About Company
Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.