Manager, Application Security

您是否正在尋覓一處大家彼此支持和合作的工作處所，身邊有優秀團隊相伴，並由鼓舞人心的領袖帶領前行？您來對地方了。我們正在尋找雄心壯志的夥伴，除了同意我們的價値觀，亦會希望為世界各地的人成就更好每天。如果這聽起來符合您的想法，而您對以下職業亦感興趣，我們希望可以收到您的來信。

職位描述

The Opportunity

This position reports directly to the regional Asia IT Protection lead, within the Asia Information Security and Controls Governance team.

The function sits within Manulife’s line 1B of defense – where we align with leadership to set the risk culture, support IT and Ops in identifying and mitigating risks at scale, and provide a common view and narrative of key risks to enable business discussions.

This position oversees and supports the key controls governance processes within the first line of defense. We help line 1b business units to ensure uninterrupted BAU on a day-to-day basis by effectively managing their information and operational risks. To achieve this, we need to ensure success in maintaining internal controls and liaison with Manulife’s line 2b of defense that owns Manulife control policies and standards.

What motivates you?

• You obsess about customers, listen, engage and act for their benefit
• You think big, with curiosity to discover ways to use your agile mindset and enable business outcomes
• You thrive in teams, and enjoy getting things done together
• You take ownership and build solutions, focusing on what matters
• You do what is right, work with integrity and speak up
• You share your humanity, helping us build a diverse and inclusive work environment for everyone

We are looking for someone with:

• University graduate with minimum 5 years of experience or more of related technology risk, application security, or information security experience
• Understands application security vulnerabilities, different application security testing methodologies and related application security tools
• Technical knowledge of application and Data security tools (e.g. DLP, NAC, SAST, DAST, WAF)
• Knowledge on the following but not limited to the following technologies and/or security concept: Diverse Hybrid Cloud Computing, Security Automation, API Security, Web application Security Risks, Cloud security controls & technologies, source code/pen-test/vulnerability scanning tools, Devops pipeline, Infrastructure as a code, Kubernetes and Containers
• Experience in planning, designing and implementing an overall risk management process for a financial organization
• Good communication skills and able to work with onshore and off-shore teams
• Past experience in Regional role is advantageous
• Holding qualification of CISA, CISSP, CEH and PMP is preferable
• Other certifications such as OSCP, OSCE, GIAC Web Application Penetration Tester (GWAPT) will bean advantage

On the job you will:

• Take ownership of the Application security portfolio, helping to drive best practices, conducting security testing (automatic, manual), creating new ways to solve security issues and implemented application security controls based from Manulife Standard and Policies
• Day to day duties include testing and validation of vulnerability findings from External Pentesters, Security Researchers from Bug Bounty Platforms, provide advisory to the Development teams on how to resolve the vulnerabilities, provide insights and review on Architectural change on the Application
• Support the IT Protection program with focus on the application security domains
• Interact with the country's developers and AppSec champions to provide guidance, best practices and technical assistance in addressing application security issues will be part of the responsibility
• Provide expertise that ensures key checks and balances are completed to hold the 1LoD to account
• Collaboratively work with application development / AppSec champions and guide them to follow the security processes set in the SDLC gates
• Support and provide guidance to 1 LoD on risks mitigation strategies and remedial actions
• Work with stakeholders across the countries to promote consistent IT, Data and Application security best practices, standards and other company-wide initiatives
• Manage and update Key Performance Indicators (KPI’s) assigned for the team
• Managing monthly Application Security meetings and coordinating training for development staff
• Manage new projects and initiatives as needs arise and performs related duties as required

Our commitment to you

• Our mission; to be a part of making Decisions Easier and Lives Better
• A leadership team dedicated to your growth and success
• A bold ambition and set of goals to be a leader in driving transformation in our industry
• Our best. Every day.
•  

Learn more about opportunities with us at www.manulife.com/en/careers/why-join-us.html

宏利和恒康的各個職位都可以為您創造機會，從中學習新技能並推動職涯發展。準備好在某處地方發揮影響力了嗎？您還在等待什麼？立即報名申請。

宏利概覽

宏利金融有限公司是全球領先的金融服務供應商，致力幫助大眾輕鬆作出明智抉擇，實現精彩人生。本公司的環球總部設於加拿大多倫多，在加拿大、亞洲和歐洲的辦事處以「宏利」的名稱營運，而在美國主要以「恒康」的名稱經營。本公司提供理財建議及保險方案，並透過環球財富與資產管理部「宏利投資管理」為全球個人客戶、機構及退休計劃成員提供服務。截至2020年底，本公司旗下有超過37,000 位員工、逾118,000位代理人，以及數以萬計的經銷合作夥伴，為超過3,000萬位客戶提供服務。截至2021年6月30日，宏利所管理和提供行政管理的資產總值達13,000億加元（約11,000億美元），而在過去十二個月支付予客戶的款項達313億加元。本公司的主要業務遍及亞洲、加拿大和美國，爲客戶服務超過155年。本公司在多倫多、紐約及菲律賓證券交易所以股份代號MFC上市，在香港交易所則以股份代號945上市。

宏利為重視就業機會平等之雇主

在宏利／恒康，我們擁抱多元。我們致力吸引、發展並留住多元化的員工隊伍，正如我們所服務的客戶一樣多元化，並打造包容的工作環境，在充分發揮文化優勢的同時尊重個體差異。我們矢志維持公平的招聘、挽留、晉升及薪酬制度，我們管理的所有實踐及項目不會因種族、血統、原籍地、膚色、族裔、国籍、宗教或宗教信仰、信仰、性別（包括懷孕及其相關情況）、性取向、遺傳特徵、退伍軍人身份、性別認同、性別表達、年齡、婚姻狀況、家庭狀況、殘疾或受適用法律保護的任何其他因素而區別對待。

我們的首要任務是消除障礙，為員工提供平等就業機會。人力資源部代表將盡力為應徵過程中提出要求的申請人提供合理協助。  申請人要求提供協助所分享的信息將會按照適用法律及宏利政策儲存及使用。  應徵過程中如需協助，請聯絡[via CTgoodjobs Apply Now ]