Together, we grow At Manulife we believe in growing, together. Our disciplined approach and fact-based decision making has delivered a consistent, long-term record of growth and success as a “Winning Company”. Our people contribute to this and share in it, realizing that, as we grow they...

Together, we grow

At Manulife we believe in growing, together.

Our disciplined approach and fact-based decision making has delivered a consistent, long-term record of growth and success as a “Winning Company”. Our people contribute to this and share in it, realizing that, as we grow they can too. Supported by professional training and experienced leadership there are opportunities to grow and develop your career across a broad range of disciplines and operations.

However career progression is not our only measure of success. We believe in a workplace that nurtures the development of people, both professionally and personally. By sharing and instilling in our people the values and ethics that define us, we enable our people to learn from each other and grow together.

Senior Consultant, Information Risk Management

Job level Middle
Work exp Minimum 5 Years
Education Bachelor Degree
Kwun Tong
Employment type Full Time
Industry Insurance
Job function Insurance > Others
Published On 15/06/2018



Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
Job Summary
The Global Solutions Delivery Information Risk Management Team is actively searching for an experienced Senior Consultant, Information Risk Management.
You will enable your business and IT partners in the Investment Division and Group Functions (Manulife’s Corporate Division) to recognize and manage their information risk in a challenging and dynamic business environment. You will participate in key projects and initiatives ensuring information risk is always considered and managed. Your career will flourish with our strong commitment to personal and professional development and growth (including support for attaining and keeping industry designations and certifications). 
You will join a vibrant and global information risk management practice and team that works hard to enable and facilitate business while protecting our people and key information assets located in over eighteen countries. This multi-discipline team pulls together a number of specialties forging strong ties between:
  • Information Security and Information Protection
  • Risk & Control Assessments
  • Vendor Risk Management
  • IS Audit and Compliance support
  • Business Continuity and Disaster Recovery Management
You will be part of a wider IRM community of over 200 IRM professionals. You’ll become a member of a divisional IS team championing innovation with “LOFT” labs opened in Canada, the US and Singapore, and working with cutting edge technologies and practices such as Hadoop, Azure, DevOps and Agile Operations. You will join a world-class company known for its commitment to diversity, community involvement and work-life balance via the Work Smart program that sees 20% of Manulife’s employees working from home.
Your specific contribution as the Senior Consultant, Information Risk Management in Asia will see you act as a subject matter expert who assists divisional business partners and IT colleagues in Asia to identify, quantify and manage their information and technology risks from a confidentiality, integrity, availability and regulatory compliance perspective. You will act as the hands and feet on the ground in Asia for your North American IRM colleagues. You will empower those partners and colleagues to protect the information assets and intellectual property that they create and are entrusted with. You will help shape divisional and global IT and vendor related engagements or projects in Asia from a technology security and information protection perspective by ensuring that security and system recovery considerations are embedded into their system development life cycle (SDLC) and project gating processes. You will play an active role in vendor and contract risk assessments, assist business partners in completing risk and control assessments, and help coordinate internal audits including third-party audits. You will assist in the creation, maintenance and testing of business continuity and/or disaster recovery plans. You will promote information risk management awareness and education throughout the organization empowering risk informed decision making at all levels. You will be a critical resource in the overall protection of the organization’s critical information assets.  
  • Lead divisional information security, technology risk and business continuity program activities in Asia including implementing controls and facilitating information and vendor risk assessments.
  • Provide information security, system recovery and regulatory compliance consulting services to business and IT partners to mitigate risks to an acceptable level.
  • Support project risk assessments from an information risk management perspective, including risk identification based on information criticality through to control implementation and the management of risk acceptance by business areas. 
  • Support operational information risk activities including providing oversight of ongoing divisional security processes for incident/crisis management, access management, vulnerability and patch management, as well as operational processes for business continuity and disaster recovery.
  • Coordinate IT audits conducted by Audit Services, regulators, clients and third party auditors. Help in drafting responses and remediation plans. Ensure evidence is collected and shared in a timely fashion and all outstanding issues are closed as committed. Manage third-party IT audit engagements as required.
  • Work with business units and technical teams to implement information risk management processes and supporting procedures. 
  • Assist and actively participate in the team’s plans to achieve our goals, including those that originate from Global IRM (our oversight team) and the business. Participate in frameworks used to measure and report on progress made towards the achievement of those goals. 
  • Be part of an active team who remains current on emerging risks and technologies, key developments and strategies for the businesses we support. Keep abreast of new thoughts, tools and approaches within the IRM discipline. Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and IRM. 
  • Collaborate with other IRM professionals including the Director of Information Security Management, the Director of Technology Risk Management, the Director of Business Continuity Management, the Divisional Information Risk Officer and other IRM professionals across Manulife globally.
  • Contribute and participate in divisional and global IRM projects and initiatives as requested. Ensure division-specific requirements and needs are accommodated whenever possible and practical in initiatives, projects and services.
  • Additional duties as assigned.


  • Five years or more of progressive information risk management experience in one or more disciplines: project/vendor risk assessment, network security, infrastructure/platform security, data/application security, vulnerability/patch management, IT auditing, IT risk and control assessments, and business continuity/disaster recovery planning. 
  • Professional certification or designation in information security, IT auditing, business continuity and/or disaster recovery a plus, but not a requirement.
  • University Degree (Computer Science, Business or Finance preferred, but not required).
  • Excellent communication skills (oral and written) including presentation skills with demonstrated ability to present at all organizational levels.
  • Ability to work independently and as part of a team, managing multiple priorities within tight deadlines.
  • Innovative problem solving skills with proven ability to exercise flexibility and judgement.
  • Ability to learn, know and act upon what is important to Manulife and the specific business units you support.
  • Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors. 
  • Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
  • Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment. 
  • Work in tandem with multiple and diverse business units simultaneously.  
  • Interpret and articulate the IRM standards, policies and goals in a way that engages the business units to act, develop and implement plans. This may require influencing more senior levels within the organization.
  • Through strong collaboration and Influencing skills, educate the business unit representatives on their information risks so that it remains a consideration when making decisions.  
  • Able to deal with ambiguity especially when requirements are in flux and responsibility for delivery is shared among teams.
About Manulife
Manulife Financial Corporation is a leading international financial services group that helps people achieve their dreams and aspirations by putting customers' needs first and providing the right advice and solutions. We operate as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2016, we had approximately 35,000 employees, 70,000 agents, and thousands of distribution partners, serving more than 22 million customers. At the end of 2016, we had $977 billion (US$728 billion) in assets under management and administration, and in the previous 12 months we made almost $26 billion in payments to our customers.
Our principal operations are in Asia, Canada and the United States where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.
Manulife is committed to supporting a culture of diversity and accessibility across the organization. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.

Information Technology