Chief Information Security Officer, Asia (manulife)

manulife    Hong Kong    2025-04-09

Job posting number: #225837 (Ref:JR25031725)

Job Description

General Description:

The Asia Chief Information Security Officer is a senior leadership role responsible for working closely with the Global Chief Information Security Officer & Asia Chief Information Officer to define, implement, and oversee the enterprise-wide cybersecurity strategy in Asia. This role bridges the gap between security operations and business objectives, ensuring that security controls are effectively integrated into the organization’s processes while enabling innovation and growth. The Asia CISO will drive strategic security initiatives, enhance risk management, and foster a security-first culture across all business units and geographies in the Asia segment.

Position Responsibilities:

  • Strategy and Collaboration:

  • Collaborate with the Global CISO & Asia CIO to localize the organization’s cybersecurity strategy, ensuring alignment with business objectives.

  • Provide executive leadership in the design and implementation of security frameworks, policies, and controls.

  • Advocate for cybersecurity initiatives at the executive level, translating technical risks into business-relevant discussions.

  • Establish and lead governance structures to ensure compliance with local regulatory, legal, and industry-specific security requirements.

  • Define and implement security strategies in collaboration with local IT teams and global cybersecurity partners to enhance the security and reliability of technical capabilities. Evaluate enterprise-wide security and protection tools on aspects of fit-for-purpose, support and compliance with Local Market regulation and needs across all the Asia markets.

  • Security Maturity and Risk Management: Continuously improve the overall security posture of the organization, monitor risk levels, and ensure compliance with regulatory requirements and applicable internal standards. Establish and enforce Information Security Policies, Standards and Guidelines across all markets within the Asia segment.

  • Application Security: Work with Asia Delivery and Dev Sec Ops to strengthen application security and implement controls in alignment with the risk management framework and regularly assess their effectiveness. Drive deployment across the markets, including annual penetration testing, dynamic application security testing (DAST), static application security testing (SAST), Snyk scanning, secrets management, and Web Application Firewalls (WAF) processes for Asia.

  • Risk Assessment and Monitoring: Align with Business Unit and Functional Technology Delivery Teams to drive risk demand, perform risk assessments, monitor control performance, and manage corrective action plans and exceptions to address operational defects. Manage planning sessions with risk stakeholders to prioritize demand against fixed capacities at the segment and business unit levels.

  • Business Engagement & Risk Management:

  • Partner with senior business leaders to integrate security into corporate strategy, ensuring security is a business enabler rather than a barrier.

  • Drive security risk management programs, working with risk, compliance, and legal teams to manage enterprise risk exposure.

  • Oversee security assessments for new business initiatives, mergers & acquisitions, and third-party engagements/Services.

  • Reporting and Compliance: Produce and deliver annual CISO reports to the Board of Directors and ensure annual regulatory compliance certifications. Maintain strong knowledge of local market regulatory reporting obligations and cybersecurity frameworks compliance.

  • Policy and Standards Review: Review and provide input on all policies and standards, facilitate impact analyses, and lead programs to align with new requirements as required.

  • Project Delivery: Deliver risk requirements for all projects resourced from segment and shared service teams, using a standard methodology and ensuring a smooth handover to operations upon completion.

  • Cyber Operations: Work with the Global CISO, central cybersecurity functions, and regional and market stakeholders on threat detection and monitoring, and on incident management including response, investigation, mitigation and prevention.

  • Collaboration and Communication: Collaborate with global and regional IT teams to integrate security into all aspects of IT Application Delivery and operations. Communicate effectively with stakeholders, including executives, employees, and external partners, regarding all security initiatives and issues. Represent and advocate for the Asia segment in all global security committees and forums.

  • Audit and Inquiry Management: Address audits and inquiries using a system of record for risk and controls management and drive continuous improvement for governance and controls practices.

  • Training and Development: Provide regular training to the technology community, covering topics such as annual penetration test lessons learned, emerging risks, new standard requirements, security best practices and refreshes etc.

  • Team Leadership: Oversee the Asia teams responsible for application security, risk assessments, vulnerability management, audits, controls testing, regulatory compliance, and other cybersecurity functions. Build and lead a high-performing information security team in the Asia segment.

Required Qualifications:

  • Experience: A minimum of 10+ years in security, risk, compliance, and technology leadership, with proven experience in developing and executing both strategic and tactical plans.

  • Proven track record of developing and executing security strategies that align with business objectives.

  • Experience in risk management, governance, and security operations within global organizations

  • Strong analytical, problem-solving and decision-making skills

  • Industry Leadership: Recognized as an industry leader with broad technical skills across all aspects of information security and risk management. Prior experience working within Asia markets would be an important advantage.

  • Technical Expertise: Deep experience in cybersecurity, cloud security, software engineering practices, and vulnerability management.

  • Qualifications: Bachelor’s degree in Computer Science, Information Technology, or a related field; master’s degree or MBA is preferred. Industry certifications such as CISSP, CISM, CISA, or equivalent would be an advantage.

  • Best Practices: Strong knowledge of industry information security frameworks, standards, and best practices would be important.

  • People Management: Proven experience in leading a team of 5-10 senior-level professionals. Proven ability to lead and manage cross-functional teams in a multicultural environment. Excellent communication and interpersonal skills.

  • Program Establishment: Demonstrated success in establishing and delivering programs to raise cybersecurity maturity while aligning with an agile delivery methodology.

  • Team Building: Proven ability to build and lead a risk management and security team capable of delivering with high impact.

Working Conditions:

  • This position will be based in either Hong Kong or Singapore and is considered to be a Hybrid role and the normal Working Better Guidelines will apply.

  • This role requires occasional travel to various locations within the Asia region and outside of it.

  • The CISO may be required to work outside of normal business hours to address security incidents or attend meetings in different time zones etc. in the normal course of the role.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.

Working Arrangement

Hybrid

Employer Info

Application Deadline: 2025-05-09