Information Security Manager, Controls Testing and Governance
Manulife
- Quezon City, Metro Manila
- Permanent
- Full-time
- Competitive Salary packages and performance bonuses
- Day 1 HMO + FREE coverage for your dependents (inclusive of same-sex partners)
- Retirement savings benefit
- Rewarding culture that values wellness and well-being
- Performance Bonus
- Global network of industry experts
- Extensive training resources
- Work with regional and country L1B to deploy globally aligned risk assessment frameworks in Tech – such as RCSA, control and issue assessment;
- Conduct control testing based on pre-audit assessment and/or with reference to the globally aligned technology processes;
- Responsible for controls testing to ensure both design and operating effectiveness identified via prep audit, RCSA and technology processes.
- Ensure that findings are accurate and agreed with stakeholders;
- Work with stakeholders to ensure that corrective action plans are well documented (Specific, Measurable, Attainable, Relevant, Time bound);
- Rigorously monitor and report the remediation activities;
- Interface with global stakeholders on control testing methodology and alignment with global programs, such as RCSA methodology and controls improvement initiatives.
- Responsible for the overall quality of control testing from effectiveness of internal, SOX audit program and technology processes.
- Work closely with team members and Asia Head of Information Security & Controls Governance.
- University/College graduate with 3 – 5 years of progressive experience related to technology risk, audit or Information Security Management, and 3+ years as an Information Security Auditor or Manager.
- Solid background in conducting IT general controls for audits and technology process, Information Security Management, Information Security Risk Assessment, Risk and Control Self-Assessment (RCSA) and other security audit processes like quality assurance and management of Self-Identified Issues (SIIs) and Corrective Action Plans (CAPs).
- Profound knowledge and understanding of Manulife’s Information Risk Management Framework (Risk Identification and Assessment, Risk Treatment, Risk Monitoring, Sustain and Independent Review) or any industry standard Risk Management Framework, CIA Triad (Confidentiality, Integrity and Availability), Zero-Trust Tolerance.
- Expert in the following technologies: JIRA, ServiceNow, Devo, PowerBI, Process Unity, Confluence, Archer.
- Knowledge of latest technology development and financial services / insurance business.
- Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.
- Can distill complex issues into simple reports, solutions, and designs.
- A team player who can interact with other control functions on project delivery
- Advocates constant learning from both success and failure, and encourages openness to change and continuous improvement
- Excellent organizational and problem-solving abilities that enable you to manage through creative abrasion
- Can quickly review control environments, identify control gaps and establish effective remediation plans
- Strong stakeholder and people management skills and able to effectively articulate risk posture, technical vision, possibilities, and outcomes through strong verbal and written communication
- Proficient in English, both verbal and written; proficiency in another Asian language would be a plus.
- Amenability and readiness to work onsite and from home anytime (dependent on business need AND/OR current external environment/situation)
- Shift Schedule: Morning Shift (9am to 6pm) Asia Time