Senior Consultant

Manila, Manulife Business Processing Services


Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. 

View company page

We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today. 

Working Arrangement


Job Description

The Senior Consultant, Vendor Information Security Management reports locally to the Vendor Governance and Risk Management Lead in MBPS and is responsible for supporting the VISM team in the delivery of Third-Party Risk Management Center of Expertise (COE) services. The incumbent will have a deep understanding of Information Security industry standards and best practices.  The individual is accountable for driving and monitoring compliance to the Company’s Third-Party Risk Management Policy. As a subject matter expert, the incumbent is expected to contribute to development and delivery of vendor information security management training and provide input to relevant policies, processes and tools.  In this capacity, the individual must be skilled in influencing others to assess and monitor vendor information security risk following the risk management policy.

Key Accountabilities

  • Review of independent audit reports, penetration testing reports, vulnerability management reports etc.
  • Draft final output/deliverable, the vendor information risk assessment memos for approval by business owners.
  • Review third-party contracts to help ensure key terms and conditions are included to safeguard Manulife information assets.
  • Participate in scoping calls with the Business Owner and IT Subject Matter Expert/s to understand the engagement to help (1) Identify material risks to the company and (2) Know what applicable IT Security Controls should be in place.
  • Report on the status of vendor risk assessment assignments in weekly team meetings and stand-up meetings with onshore counterparts/stakeholders.
  • Support IT audits conducted by Audit Services, regulators, clients, and third-party auditors.
  • Be part of an active team who remains current on emerging risks and technologies, key developments, and strategies for the businesses we support.
  • Stay informed on emerging technologies, key business drivers, evolving threats and opportunities. 
  • Additional duties as assigned in information security and business continuity management domains.


  • 7 years of experience in Technology, Technology Risk and Controls, Technology Audit, Cybersecurity, Application Security, Network Security, Cyber Resiliency and Third-Party Outsourcing Risk Management within a large enterprise level environment.
  • Bachelor's degree (Computer Science, Business or Finance preferred, but not required)..
  • Must have experience performing vendor risk assessment and experience with reviews of third-party assurance reports (SOC2, ISO 27001).
  • Holds an internationally recognized Security Certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor. etc.
  • Knowledge of and experience with industry risk frameworks and information security standards (ISO27001, NIST Cybersecurity Framework, PCI DSS, HITRUST, etc.)
  • Experienced in Archer, Process Unity or any Vendor Risk Management tool is preferred.

Soft Skills

  • Ability to manage and work on multiple assignments simultaneously with minimal supervision.
  • Lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interests.
  • Strong facilitation skills and can communicate difficult concepts and information to customers; converts technical information into business information and advice.
  • Interprets internal/external business challenges and recommends course of actions and market best practices to improve products, processes, or services.
  • Influences others to adopt a different point of view.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges, and under ‘945’ in Hong Kong.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law. 

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application processAll information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Application security Audits CISA CISM CISSP Compliance Computer Science Finance Governance HITRUST ISO 27001 Monitoring Network security NIST PCI DSS Pentesting Risk assessment Risk management SOC 2 Vulnerability management

Perks/benefits: Career development Insurance

Region: Asia/Pacific
Country: Philippines
Job stats:  3  0  0
Category: Consulting Jobs

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.