Overview
Information Security Manager Jobs in Yangon, Myanmar at Manulife Myanmar
Title: Information Security Manager
Company: Manulife Myanmar
Location: Yangon, Myanmar
The Information Security Manager role sits in the first line of defense and is responsible for business units’ information risk management (IRM) services, in alignment with the mandates and objectives of the Asia segment as well as globally. The individual will collaborate and liaise with Country Information Services, Business Units, Global CoE teams and Asia segment stakeholders; participate in countries’ governance structure to support the implementation of IRM strategy; execute the practices and controls; and promote risk and security awareness for the successful implementation of the IRM strategy.
Key Result Areas:
Execute Information Risk Management/Information Security policies and standards and associated security controls, especially in the Information Security Management (ISM) and Technology Risk Management (TRM) domains, for the SEA region
Conduct Information Risk Assessments and Vendor Risk Assessments, participate in due diligence on vendor selection process, identify potential risk, and provide guidance on risk mitigation and acceptance process
Participate in IT projects and initiatives to bring proactive risk management focus into solutions, assist in formulating the IRM plan to ensure effective and consistent application of IRM policies and standards across all technology projects, systems and services, as well as compliance with local Laws and Regulations
Assist in formulating risk mitigation plans and solutions in order to ensure compliance with Manulife’s standards, strategies and local regulations.
Provide advisory and guidance on Information Risk, Technology Risk and Regulatory for information services and business
Support and participate in security projects from our Global and Regional partners
Assist in establishing information risk and security council, risk profiles and appetites; report on the business unit’s risk and performance, posture and exposures; ensure up-to-date KPI/KRI metrics; monitor and report on current risk posture
Coordinate security activities, including but not limited to application security scanning and penetration test, vulnerability management, logical access regular assessment, information risk awareness and readiness for the market
Review and understand technology risk regulatory requirements, provide advisory, ensure compliance with the requirements including framework, guidelines & policies for IRM and IT, and maintain the local IT regulatory matrix
Conduct gap analysis for changes to Company policies, standards and new or updated Regulatory requirements, provide advisory and guidance on developing action plans to address the gaps
Liaise with internal and external auditors and regulatory agencies on risk and compliance reviews and examinations, oversee audit issues, and ensure issues are tracked and addressed in a timely manner
Incident management: establish communication and escalations, response and handling in the event of an information risk or security incident, and provide advice and guidance for immediate corrective actions. Participate in investigations and reporting. Review, advise on and monitor preventive actions
Ensure controls are executed effectively, efficiently and consistently across the SEA region; conduct quality control and tests on the controls; identify gaps; and devise and execute action plans to address any gaps found, to ensure deficiencies are remediated appropriately
Report control gaps and remediation status to stakeholders
Coordinate & collaborate from IT…