MCPNew: now works with Claude & AI assistants
manulife

manulife

Head of IT Controls and Governance (ITCG)

Company

manulife

Role

Head of IT Controls and Governance (ITCG)

Location

Dist.7, Hồ Chí Minh, Vietnam

Job type

-

Found on Mokaru

23 hours ago

Share this job

Salary

Not disclosed by employer

Job description

The Head of IT Controls & Governance (ITCG) serves as the Country Cyber Lead and trusted advisor to the Country CIO, championing strong technology controls and effective governance across technology governance, technology controls, cyber security, operational resilience, and technology related regulatory matters.

Operating within Line 1, the role is accountable for managing and delivering the technology governance and cyber security program for Vietnam, working in close partnership with the Country CIO, Asia CISO team, and Regional ITCG teams to ensure alignment with enterprise standards, regional priorities, and local regulatory requirements. The role maintains the market's technology governance and controls framework, supports the implementation and maintenance of information security programs, provides an integrated view of technology and cyber risks, and enables risk-informed decision making across the market. The role also serves as the primary point of contact for cyber security matters, regulatory engagement, and technology resilience, including ownership of the IT Disaster Recovery Program.

Key Responsibilities

Technology Governance & Controls

  • Own and maintain the market's technology governance and controls framework, ensuring technology control obligations are effectively implemented and managed.
  • Act as a trusted advisor to the Country CIO on technology governance, controls, risk, and regulatory matters.
  • Support the Country CIO and technology leadership team in maintaining an integrated view of technology, cyber, and resilience risks across the market to enable risk-informed decision making.
  • Support and coordinate technology risk management activities, including Technology RCSA and Technology PCIRA processes.
  • Monitor technology control effectiveness and drive remediation of identified control gaps, audit findings, and regulatory actions.
  • Support technology stakeholders in understanding and meeting technology control and risk management obligations.
  • Provide risk insights and recommendations to enable risk-informed decision making by technology and business leadership.
  • Build trusted relationships with technology, business, risk, compliance, audit, and regulatory stakeholders to drive effective risk and control outcomes.

Cyber Security & Risk Management

  • Serve as the Country Cyber Lead and primary point of accountability for cyber security matters within the market.
  • Lead the local implementation and maintenance of the market's information security program, ensuring alignment with enterprise standards, regulatory requirements, and local business needs.
  • Support the business and technology teams in complying with enterprise security policies, standards, and regulatory requirements.
  • Perform Information Risk Assessments (IRAs) for technology projects, significant technology changes, and strategic initiatives, providing practical guidance on risk mitigation strategies and ensuring timely remediation of identified risks and control gaps
  • Coordinate cyber risk management, security assessments and testing, awareness, and remediation activities.
  • Lead country-specific security incidents where required, coordinating response, communication, escalation, and remediation activities.
  • Contribute to the development of segment and market security standards, frameworks, and risk management practices, and promote information risk awareness across the market.
  • Represent the market in regional cyber forums working closely with the Asia CISO team and Regional ITCG teams to provide local cyber risk insights, support regional priorities, and ensure alignment with enterprise standards..

Regulatory, Audit & Compliance Management

  • Act as the primary coordinator for technology and cyber-related audits, regulatory engagements, reviews and examinations.
  • Understand local technology risk regulatory requirements to provide guidance, support compliance activities, and directly engage with regulators during reviews and examinations.
  • Maintain the local IT regulatory matrix and assess the impact of new or changing regulatory requirements on technology and cyber controls.
  • Coordinate responses to audit findings, regulatory actions, and compliance issues.

Technology Resilience & Disaster Recovery

  • Own and maintain the market's IT System Disaster Recovery Program, ensuring alignment with enterprise standards and local regulatory requirements.
  • Coordinate disaster recovery planning, testing, governance, and reporting activities.
  • Monitor resilience readiness and recovery capabilities for critical technology services.
  • Drive remediation of identified resilience and recovery gaps.
  • Support regulatory, audit, and operational resilience requirements related to disaster recovery

Required Experience & Qualifications

  • 8+ years' experience in technology governance, technology risk, cyber security, controls management, audit, compliance, or operational resilience, preferably within financial services or another highly regulated industry.
  • Strong understanding of technology governance, technology controls, cyber security, operational resilience, and regulatory requirements.
  • Experience engaging senior technology leaders, regulators, auditors, and business stakeholders in a highly regulated environment.
  • Bachelor's degree in relevant discipline. CISSP, CISM, CISA, CRISC, CGEIT, or equivalent certifications desirable.

Core Competencies and Skills

  • Strong Vietnamese and English communication skills, with the ability to engage local stakeholders, regulators, and regional teams effectively
  • Technology governance, controls management, cyber security, and information risk management
  • Regulatory, audit, resilience, and disaster recovery management
  • Risk assessment, remediation tracking, and control issue resolution
  • Executive stakeholder management, influencing, and relationship building
  • Strategic thinking, business acumen, and ability to translate technology and cyber risks into business impacts and risk-informed decisions
  • Ability to collaborate effectively across cultures, teams, and regulatory environments

When you join our team

We’ll empower you to learn and grow the career you want.

We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

As part of our global team, we’ll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html .

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com .

Working Arrangement

Hybrid

Resume ExampleCover Letter Example