Information Risk Management Senior Specialist
Manulife
- Quezon City, Metro Manila
- Permanent
- Full-time
- Assisting project teams with identifying and validating security requirements or leading the completion of information risk assessments.
- Performing in-depth risk assessments on projects from a technical security perspective to ensure that the security safeguards and controls are in line with Manulife Security policy and standards.
- Providing input and recommendations to the ETS Service Areas on information security requirements and standard methodologies.
- Assisting with security incident investigations & service provider threat notifications.
- Support other operational security activities including oversight of ongoing security processes (e.g., incident response, ad hoc queries, periodic access reviews and vulnerability management)
- Help define and improve Information Security practices.
- Working with the ETS Service Areas on Go Live Acceptance Reviews for new infrastructure and associated services.
- Reporting on security metrics and compliance with company policies/standards.
- Take on other information risk management tasks as required.
- 2 to 5 years of relevant information security and information risk management experience.
- Professional certification(s) related to information security or information risk management such as CISSP, CRISC, CISM, CISA, GIAC are preferred.
- Solid understanding and experience in the following areas:
- Security architecture and controls in various infrastructure platforms (i.e. Windows, Unix, RH Linux, Virtual hosting, networking, end user technology, cloud computing including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)).
- Security systems such as privilege management system, SIEM/big data solution for security monitoring, NAC, vulnerability management solution and operating model, PKI/Encryption technology, APT solutions (FireEye, Zscaler), Firewall/IPS, WAF, etc.
- Knowledge of application security standard methodologies such as secure coding and security testing techniques
- Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
- Working experience with Cloud platforms such as Azure, AWS or GCP
- Windows and related services (i.e. Active Directory, DNS, IIS, MSSQL), Active Directory Federated Services and Protocols (i.e. ADFS, SAML)
- Collaboration and messaging platforms (i.e. Office 365, SharePoint)
- Mobile Devices along with Mobile Device Management / Mobile Application Management Platforms and Services
- Validated ability to establish relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors
- Experience implementing and/or supporting a large-scale corporate enterprise solution.
- Experience with FAIR or comparable quantitative risk management frameworks is a plus
- Previous experience in the Financial, Insurance or Healthcare sectors considered an asset.
- Passionate about helping ETS Service Areas work towards their goals; understands that Information Security must enable the business.
- Strong written and verbal communication and effective negotiation skills.
- Deep technical skills and background with the ability to easily develop strong working capabilities with new technologies and the related security implications.
- Influences others across the organization to accomplish their objectives.
- Works independently and takes initiative.
- Handles conflict well and always maintains integrity.
- Takes ownership for their objectives and ensures they are achieved.
- Functions well as part of a distributed team.
- Strong analytical skills.
- Ability to step back for cross-organization context or to adjust to specific, detailed technology and/or risk review.