You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.
Job Description:
This position is expected to own relationships with tactical management throughout ES Asia Technology organization, improve expertise and capability of the Risk & Compliance supporting Sun Life Asia’s Technology organization. The position reports to the Associate Director GRC, Asia IT, and will be based in Manila, Philippines.
The role is responsible for leading a portfolio of complex risk assessments, reviews & management testing related to enterprise Information Technology, with an emphasis toward IT Infrastructure, information security (including emerging cyber security risks) audits and timely consulting & support to ongoing Asia IT projects. This will also include IT Application reviews, specifically focusing on system controls. The responsibilities includes execution & delivery of the defined annual IT Governance plan, providing oversight and direction for complex and technical matters, and performing series of management self-testing within the Technology Organization in Asia.
Major Accountabilities
SLFs’ Risk Management framework sets out the over-arching framework for the management of risk across the enterprise.
This role requires the implementation & embedding the program within Asia IT organization in close alignment with ES Governance, Risk & Controls team & Corporate Risk. Key component of the Operational Risk Management Framework includes working with Technology leaders (CIO, CTO etc.) to identify and assess the top inherent risks and the associated internal controls to help understand the residual risk exposure within the business.The role includes monitoring & independent testing of the day to day operating controls, escalating issues / Operational Risk Events & closely monitoring them.
IT Governance & monitoring of large and heterogeneous IT Infrastructure spread in Asia (including Mainframe, distributed computing platforms, voice/ telephony; enterprise networks, storage and security management)
Draw up a IT Governance Plan for each year and drive adherence to it;
Reviewing & testing of
Information Security: Governance; Access Administration; Incident & Vulnerability Management; Internal & External Threat Management; Security policies, standards, and management control
Technology Platforms: including UNIX, VMware, Windows servers; Storage (SAN, NAS, CAS) and Middleware.
Information/Database Management: Data Warehouses & Database Management systems including Sybase, Oracle, SQL, DB2/UDB and IMS.
Network Technologies: network security & management; Internet/Intranet technologies; Firewalls, Routers & Switches; IDS/IPS; VOIP; Radius, TACACS; Wireless; DNS.
Computer Operations: Cloud Computing, Data Center, Call Center and Network Control Center processes including problem management, service level management, environmental controls, physical security, job scheduling, job entry systems, media management, backup and recovery, and capacity & performance management.
Assess technology that is new to the company such as cloud computing, mobile technology and high performance computing programs, and their related support models
Embed control framework to align with Enterprise Services policy, directive and practices within in ES Asia & DBI
Developing, reviewing, approving and periodically refreshing policies, directives & operating guidelines stemming from corporate, regional & local requirements
Drive controls & compliance agenda for significant projects, initiatives & third party relationships
Manage the risks associated with a significant business disruption by establishing & governing a comprehensive Business Continuity Management Program
Act as a relationship manager between ES NA Program leaders, audit, governance and information services management to proactively understand emerging and developing risk areas
Serves as a trusted advisor to the program/project manager and assumes both execution and responsibilities of specific areas including innovation
Education and experience required for the role
Bachelor's Degree in CS/E&C/IT Engineering or MCA / MBA with 8-12 years of experience in IT Governance, auditing business planning and future visioning in IT
Interest in technology / IT or a recognized IT audit / security (CISA, CIA, CISM, CISSP) designation,
Good understanding of concepts around COSO, COBIT
In depth knowledge of IT Governance methodologies, project management and system development methodologies, control frameworks and risk management practices, & regulatory requirements
Proven experience in planning and executing against defined deadlines to achieve assignment objectives.
Multitasking and the ability to operate effectively under pressure.
Strong written and verbal communication skills, with ability to both develop relationships
Working knowledge of financial institution processes, including those relating specifically to group functions such as Finance, Treasury, Insurance, Actuarial and Investments is an asset.
Ability to quickly comprehend business processes and identify the risk implications, to analyze complex situations, to reach appropriate conclusions, and make value-added and practical recommendations
Excellent influencing skills, effective stakeholder management with successful track record of working collaboratively across matrix teams
Job Category:
Risk Management
