Manila, Manulife Business Processing Services
Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.
We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.
The Senior Consultant, Vendor Information Security Management reports locally to the Vendor Governance and Risk Management Lead in MBPS and is responsible for supporting the VISM team in the delivery of Third-Party Risk Management Center of Expertise (COE) services. The incumbent will have a deep understanding of Information Security industry standards and best practices. The individual is accountable for driving and monitoring compliance to the Company’s Third-Party Risk Management Policy. As a subject matter expert, the incumbent is expected to contribute to development and delivery of vendor information security management training and provide input to relevant policies, processes and tools. In this capacity, the individual must be skilled in influencing others to assess and monitor vendor information security risk following the risk management policy.
- Review of independent audit reports, penetration testing reports, vulnerability management reports etc.
- Draft the final output/deliverable, the vendor information risk assessment memos, for approval by business owners.
- Review third-party contracts to help ensure key terms and conditions are included to safeguard Manulife information assets.
- Participate in scoping calls with the Business Owner and IT Subject Matter Expert/s to understand the engagement and help (1) identify material risks to the company and (2) know what applicable IT Security Controls should be in place.
- Report on the status of vendor risk assessment assignments in weekly team meetings and stand-up meetings with onshore counterparts/stakeholders.
- Support IT audits conducted by Audit Services, regulators, clients, and third-party auditors.
- Be part of an active team who remains current on emerging risks and technologies, key developments, and strategies for the businesses we support.
- Stay informed on emerging technologies, key business drivers, evolving threats and opportunities.
- Additional duties as assigned in information security and business continuity management domains.
- 7 years of experience in Technology, Technology Risk and Controls, Technology Audit, Cybersecurity, Application Security, Network Security, Cyber Resiliency and Third-Party Outsourcing Risk Management within a large enterprise level environment.
- Bachelor's degree (Computer Science, Business or Finance preferred, but not required).
- Must have experience performing vendor risk assessment and experience with reviews of third-party assurance reports (SOC2, ISO 27001).
- Holds an internationally recognized Security Certification such as CISA, CISM, CISSP, ISO 27001 Lead Auditor, etc.
- Knowledge of and experience with industry risk frameworks and information security standards (ISO27001, NIST Cybersecurity Framework, PCI DSS, HITRUST, etc.)
- Experience with Archer, Process Unity or any Vendor Risk Management tool is preferred.
- Ability to manage and work on multiple assignments simultaneously with minimal supervision.
- Lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interests.
- Strong facilitation skills; can communicate difficult concepts and information to customers and convert technical information into business information and advice.
- Interprets internal/external business challenges and recommends course of actions and market best practices to improve products, processes, or services.
- Influences others to adopt a different point of view.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges, and under ‘945’ in Hong Kong.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact firstname.lastname@example.org.