Director, Information Security Management, Enterprise Technologies

7 months ago

Hong Kong, Hong Kong SAR China Manulife Full time

Job Description

The Opportunity

The ETS Asia Control Integrity team is the security and compliance team under the ETS Asia Umbrella. The team performs security assessments for new technologies and new projects, in addition to performing an assurance function to ensure ETS comply with company and regulatory security requirements. The incumbent will be an individual contributor reporting to the AVP of the team and will be the Deputy for the AVP.

The incumbent’s primary responsibility includes design, implement, and monitor security controls for the cloud-based infrastructure (IaaS), platform (PaaS, Kubernetes) and services. The second responsibility is to oversee network security assessment and remediation activities. The third responsibility is to oversee audit and second line assurance review related activities.

The incumbent will create positive impact to the infrastructure and platform managed by ETS to make sure products and services are provisioned and maintain securely in its life cycle.

What motivates you?

You obsess about customers, listen, engage and act for their benefit 

You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes 

You thrive in teams, and enjoy getting things done together

You take ownership and build solutions, focusing on what matters 

You do what is right, work with integrity and speak up

You share your humanity, helping us build a diverse and inclusive work environment for everyone 

We are looking for someone with:

Degree holder of computer science or engineering.

Possess Information security (CISSP, CISM, SANS) and auditing (CISA) designations.

At least 5 years working experience focusing on security architectural design and assessment for cloud based infrastructure and platform.

At least 10 years of working experience in the information security areas including cloud security, network security, AAA, RBAC, encryption, security scanning, hardening, privilege ID management etc.

Experience with defining security guardrails in DevOps CI/CD pipelines.

Experience with microcontainer architecture and docker containers based applications.

Experience with container management tools such as Kubernetes

Experience in security scanning tools and security controls in microservices env.

Strong experience on automation for security control enforcement and monitoring

Ability to manage multiple tasks for multiple stakeholders which will need to be prioritized. Results oriented; ability to balance multiple priorities and projects.

Knowledge of control frameworks, risk management practices and regulatory requirements.

Well-developed impact and influence skills.

Track record of building strong relationships across technology functions.

Excellent customer focus and commitment to quality.

Knowledge and understanding of the financial industry.

On the Job you will:

Project and Technology Information Risk Management

Perform ETS project and technology information risk assessments including assessing risks and define controls as well as tracking the implementation of controls. Assessment focus for the incumbent is the cloud-based infrastructure, platform and services.

Design, document and/or implement BAU security controls applicable to the cloud-based infrastructure, platform and services.

Assess, monitor, guide continuous improvement of the DevSecOps technologies and processes.

Evaluate products for implementing security controls in the cloud or on-premises spaces.

Develop Infrastructure-as-code to automatically and continuously enforce security controls.

Provide oversight to the direct reports specialized on network security to perform network security assessment and lead remediation activities.

Assurance Review

Establish security compliance monitoring mechanism to periodically and automatically measure security control operation effectiveness.

Establish security metrics for overall security posture reporting.

Manage audit activities and second line assurance review activities to steer these reviews to focus on high risk processes and technologies. Perform pre-audit to establish/refine controls and minimize audit issues.

What can we offer you?

A competitive salary and benefits packages.

A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.

A focus on growing your career path with us.

Flexible work policies and strong work-life balance.

Professional development and leadership opportunities.


Our commitment to you

Values-first culture
We lead with our Values every day and bring them to life together. Boundless opportunity
We create opportunities to learn and grow at every stage of your career. Continuous innovation
We invite you to help redefine the future of financial services. Delivering the promise of Diversity, Equity and Inclusion
We foster an inclusive workplace where everyone thrives. Championing Corporate Citizenship
We build a business that benefits all stakeholders and has a positive social and environmental impact.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges, and under ‘945’ in Hong Kong.

Manulife is an Equal Opportunity Employer

At Manulife/JohnHancock, we embrace our diversity. We strive to attract,developandretaina workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin,colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers toprovideequal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent withapplicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact .

  • Information Security Analyst

    3 months ago

    hong kong, Hong Kong SAR China Classy Wheeler Limited Full time

    Information Security Analyst (Public Enterprise) Client Description: Well-established public enterprise. Job Description: Perform technical advisory in assigned project area for ensuring identified information security risks are mitigated and controls are implemented. Coordinate and conduct IS assurance activities on application software and system to...

  • Director, Information Security Management, Enterprise Technologies

    7 months ago

    Hong Kong, Hong Kong SAR China Company 331 - Manulife Financial Asia Limited Full time

    Description The Opportunity The ETS Asia Control Integrity team is the security and compliance team under the ETS Asia Umbrella. The team performs security assessments for new technologies and new projects, in addition to performing an assurance function to ensure ETS comply with company and regulatory security requirements. The incumbent will be...

  • Manager/Associate Director

    7 months ago

    Hong Kong, Hong Kong SAR China KPMG China Full time

    KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment...

  • Chief Information Security Officer

    4 weeks ago

    Hong Kong, Central and Western District, Hong Kong SAR China Qube Research & Technologies Full time

    About the RoleWe are seeking a highly skilled Senior Security Engineer to join our team at Qube Research & Technologies (QRT). As a critical member of our security operations group, you will play a key role in shaping the security landscape from the ground up, engaging with a wide array of technologies, driving architectural decisions, selecting specific...

  • Information Security Architect

    3 months ago

    Hong Kong, Hong Kong SAR China NLS Full time

      The role: Team Leadership: Lead and direct a team covering the firm's cybersecurity operations. Ensuring the development of information security architectures, strategies, roadmaps, standards and procedures (cloud and on-prem). Collaboration: Work closely with various IT departments to validate information security and robustness for IT infrastructure,...

  • Information Security Engineer

    3 hours ago

    Hong Kong, Hong Kong SAR China Hong Kong Exchanges and Clearing Limited Full time

    Company Introduction: We're home to Asia's most dynamic and vibrant capital markets. Connecting capital, ideas, inspiration and innovation for deeper, more diverse and liquid global capital markets; providing greater choice and opportunity for our customers, each and every day. HKEX is a purpose-driven company. Our commitment to the long-term development...

  • Manager/Associate Director, Cyber Security

    7 months ago

    Hong Kong, Hong Kong SAR China KPMG China Full time

    KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment...

  • Technology Risk Manager

    6 days ago

    Hong Kong, Hong Kong SAR China Bank Of China (Hong Kong) Limited Full time

    Roles and Responsibilities & Specific Requirements (Application Security): Assist in reviewing IT initiatives and provide advisory from technology risk perspectives Assist to establish and review policies, guidelines, procedures in application security area Provide advisory and practical guidance to support technology risk and information security...

  • Enterprise Digital Sales-Security

    6 months ago

    Hong Kong, Hong Kong SAR China Microsoft Full time

    Overview Digital Sales Enterprise, part of Microsoft's SMC and Digital Sales organization, empowers our customers through the unique value of the Microsoft Cloud by building a globally-led, digital-first scale organization aligned with partners. As part of our local subsidiaries or Digital Sales centers around the world, you will engage a dedicated...

  • Senior Information Security Manager

    7 days ago

    Hong Kong, Central and Western District, Hong Kong SAR China Classy Wheeler Limited Full time

    Job DescriptionA challenging opportunity has arisen for an experienced Senior Information Security Manager to join Classy Wheeler Limited as Chief IT Security Officer. The successful candidate will be responsible for leading the development and implementation of security policies, procedures, and practices to protect our global luxury retail corporation's...

  • Enterprise Technology Strategist

    4 weeks ago

    Hong Kong, Central and Western District, Hong Kong SAR China Classy Wheeler Limited Full time

    Job Title: Enterprise Technology StrategistAbout Us: Classy Wheeler Limited is a well-known personal financial services company.Overview: We are seeking an experienced Enterprise Technology Strategist to join our team. As a key member of our IT department, you will play a critical role in shaping the technology direction of our organization.Job Description:...

  • Manager/Associate Director, Cyber Security

    7 months ago

    Hong Kong, Hong Kong SAR China KPMG China Full time

    KPMG China provides multidisciplinary services from audit and tax to advisory, with a strong focus on serving our clients' needs and their industries. Not only do we have an overriding commitment to provide the highest quality services for our clients, but we also strive to become a responsible corporate citizen that has a positive impact on our environment...

  • Senior Enterprise Applications Director

    7 days ago

    Hong Kong, Central and Western District, Hong Kong SAR China Classy Wheeler Limited Full time

    Classy Wheeler Limited - Job DescriptionWe are seeking a highly skilled and experienced Senior Enterprise Applications Director to join our team. The successful candidate will be responsible for overseeing the implementation of enterprise applications and driving large-scale digital transformation projects across the region.About UsAt Classy Wheeler Limited,...

  • Information Security Leadership Opportunity at Shangri-La

    1 month ago

    Hong Kong, Central and Western District, Hong Kong SAR China Shangri-La Full time

    We are looking for a seasoned information security professional to lead our security function. The ideal candidate will have a strong background in managing information security functions for sizable companies, with a proven track record of developing and implementing enterprise-level information security policies & procedures.Key ResponsibilitiesManage...

  • Cyber Security Manager

    2 months ago

    Hong Kong, Central and Western District, Hong Kong SAR China KPMG China Full time

    Cyber Security Manager Job DescriptionKPMG China is seeking a highly skilled Cyber Security Manager to join our team. As a Cyber Security Manager, you will be responsible for leading cyber security engagements, including security strategy, policy, and architecture, information privacy, and governance. You will also communicate technical issues in business...

  • Chief Technology Security Officer

    2 weeks ago

    Hong Kong, Central and Western District, Hong Kong SAR China AIA International Limited. Full time

    About AIA International LimitedAIA International Limited is a leading pan-Asian life insurance group committed to building a healthier, more sustainable future for our customers and the communities we serve.Job OverviewWe are seeking an experienced Cyber Risk Management Director to join our team in Hong Kong. As a key member of our technology risk management...

  • Cybersecurity Specialist

    1 hour ago

    Hong Kong, Central and Western District, Hong Kong SAR China Hong Kong Exchanges and Clearing Limited Full time

    Job OverviewAt Hong Kong Exchanges and Clearing Limited, we're seeking a highly skilled Cybersecurity Specialist to join our Information Security team. This role plays a critical part in designing, building, and maintaining enterprise IT security solutions to protect our organization's assets.ResponsibilitiesWe're looking for an expert who can deploy and...

  • Senior Information Security Manager

    1 month ago

    Hong Kong, Central and Western District, Hong Kong SAR China Global Executive Consultants Ltd. Full time

    Job Opportunity: Senior Information Security ManagerWe are seeking a highly skilled and experienced Senior Information Security Manager to join our team at Global Executive Consultants Ltd.About the Role:This is a senior-level position responsible for leading internal audit exercises with a focus on information security, conducting risk and control...

  • Product Security/Security Architecture Lead

    2 months ago

    Hong Kong, Hong Kong SAR China Qube Research & Technologies Full time

    Qube Research & Technologies (QRT) is a global quantitative and systematic investment manager, operating in all liquid asset classes across the world. We are a technology and data driven group implementing a scientific approach to investing. Combining data, research, technology, and trading expertise has shaped our collaborative mindset, which enables us to...

  • Chief Information Technology Operations Specialist

    3 weeks ago

    Hong Kong, Central and Western District, Hong Kong SAR China Computer And Technologies Holdings Limited Full time

    Job DescriptionWe are seeking an experienced Chief Information Technology Operations Specialist to join our team at Computer And Technologies Holdings Limited.About the RoleThe successful candidate will be responsible for providing IT helpdesk support, handling calls, and following up on actions, coordination, and escalation. Additionally, they will monitor...