Information Security Analyst

We’re seeking an Information Security Analyst to join our Group Functions IT – Information Security Management and Business Resilience (GFT ISM & BR) team at MBPS. In this role, you will play a key part in delivering BUSO services and driving continuous security monitoring across the organization. Your responsibilities will include managing security service requests, coordinate Information Risk Assessments (IRA) and Corrective Action Plans (CAP), and supporting special projects that strengthen our security posture.

You will collaborate closely with both technology and business teams to ensure compliance with organizational and regulatory requirements, while enhancing the resilience and reliability of our technology systems and infrastructure. This is an opportunity to make a meaningful impact on safeguarding our operations and enabling secure business growth.

Have the skills and knowledge for the job? Learn more about the opening below!

Key Responsibilities:

• Conduct operational tasks that could be centralized (or outsourced) from risk owners.
• Support operational information risk activities and other operational processes.
• Review various service requests and assess if request is compliant with company security policy and standards (e.g., Firewall, Endpoint Protection, Privileged Access, File Level Exemption, etc.)
• Conduct project Information Risk Assessment through engagement of various technical product owners/SMEs, and facilitate project team’s completion of IRA worksheet.
• Engage key stakeholders during various stages of security and privacy incident handling.
• Support in the end-to-end management and timely resolution of security incidents, particularly on Data Loss Prevention (DLP) related incidents.
• Post-incident reviews to enhance future incident response strategies.
• Work with relevant stakeholders and risk owners to develop standardized approach on processing tasks which aims to operationalize and streamline processes.
• Set up general governance for each task (e.g., structure, onboarding/ offboarding toolkit) and engage tower BUSO for follow-up / escalation when required.
• Provide assistance in performing knowledge transfer /sharing to new members of the team and/or other IT control and governance team members.
• Coordinate with tower BUSOs for regular status update.
• Support security program activities in segment level like performing/facilitating application security assessments and providing application security consulting services to IT and other relevant partners and clients.
• Promote the information risk assessment program across towers.

Required Qualifications:

• 1 – 2 years of progressive experience related to Information Security Management.
• With background in Information Security Management, Information Security Risk Assessment (both in project and BAU), Security Incident Handling, Access Review, Data Loss Prevention Management and other security processes like incident/crisis management, access management, vulnerability and patch management, as well as operational processes for business continuity and disaster recovery.
• Good understanding of Manulife’s Information Risk Management Framework (Risk Identification and Assessment, Risk Treatment, Risk Monitoring, Sustain and Independent Review), CIA Triad (Confidentiality, Integrity and Availability), Zero-Trust Tolerance.
• Exposed in the Information SecurityTechnologies: BlueCat Address Manager, JIRA, ServiceNow, Devo, PowerBI, Process Unity, Confluence, Archer.
• Knowledge of latest technology development and financial services / insurance business.
• Amenable to work on a fixed night shift schedule
• Amenable to work on a hybrid set-up (3x a week onsite)

Preferred Qualifications:

• Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision.
• Can distill complex issues into simple reports, solutions, and designs.
• A team player who can interact with other control functions on project delivery
• Advocate constant learning from both success and failure, and encourages openness to change and continuous improvement
• Good organizational and problem-solving abilities that enable you to manage through creative abrasion
• Excellent in verbal and written communication with the ability to effectively articulate and communicate technical vision, possibilities, and outcomes.

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.