Associate Director/Senior Manager, Information Risk Management

7 days ago


WorkFromHome, Hong Kong SAR China Manulife Full time

Position Responsibilities

  • Security Testing: Execute security testing using methodologies such as SAST, SCA, and DAST to identify vulnerabilities. Leverage tools like Snyk for open-source dependency and container image security.
  • Information Risk Assessments: Conduct risk assessments for IT initiatives prior to go-live, review release evidence, and ensure compliance with internal and industry standards.
  • Third-Party Risk Management: Oversee vendor onboarding and governance, ensuring procurement aligns with security requirements and contractual clauses.
  • Vulnerability Management: Apply OWASP Top 10 and NIST guidelines to prevent common vulnerabilities such as injection flaws and broken access controls.
  • Secure Development: Embed security practices into SDLC and DevOps workflows, ensuring integration with CI/CD pipelines and version control systems.
  • Cloud Security: Assess and validate security controls for cloud platforms (e.g., Microsoft Azure, Alibaba Cloud) and cloud-native services such as Kubernetes and microservices.
  • GenAI Security Evaluation: Evaluate security risks in Generative AI projects, ensuring responsible use and compliance with data privacy and integrity standards.
  • Communication & Compliance: Translate technical risks into actionable insights for technical and non-technical stakeholders, including presenting security concerns and posture to all levels—from developers to senior executives, and providing regular updates to C-level leadership.
  • Reviewing penetration testing reports and automated scans (Snyk, GitGuardian).
  • Developing automated security reports using Power BI, Python, or Power Automate.
  • Leading security audits and implementing remediation plans.
  • Acting as product owner for enterprise SCA & SAST solutions, driving migration strategies and improving DevSecOps maturity.
  • Managing penetration testing programs and refining methodologies based on stakeholder feedback.
  • Enhancing AppSec risk metrics for accurate visualization and remediation guidance.

Required Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
  • Proven experience in information security and compliance monitoring, preferably in cloud environments
  • Strong analytical skills and ability to interpret complex security reports
  • Familiarity with penetration testing and DevOps tools (BurpSuite, Snyk, GitHub, GitGuardian)
  • Knowledge of OWASP trends and Generative AI risk considerations
  • Programming proficiency in Python or experience with Microsoft Power Automate
  • Experience with Power BI or similar visualization tools
  • Excellent communication and collaboration skills
  • Relevant certifications (CISSP, CISM, CEH) preferred
  • Understanding of IT control frameworks and regulatory requirements (ISO 27001, NIST, COBIT, PDPO, GDPR)

When You Join Our Team

  • We’ll empower you to learn and grow the career you want.
  • We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
  • As part of our global team, we’ll support you in shaping the future you want to see.

About Manulife And John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals.
We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact

Working Arrangement: Hybrid
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Other
Industries: Insurance


