Manager, Information, Technology and Privacy Risk Management

Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

Job Summary:
To act as “second line of defence” to provide assurance and oversight on information, technology and privacy risks that might pose a threat to the business. Provide subject matter expert advice and coach relevant parties from business and relevant stakeholders to ensure the relevant technology risk policies/guidelines and regulatory are being adhered to.

Principal Duties & Responsibilities:

Advisory

• Assist in providing advisory, assurance and oversight within business processes and technologies to ensure it is operating effectively to mitigate technology risk.
• Assist to provide oversight and assurance that local regulatory requirements that affect our technology risk are being effectively managed.
• Ensure appropriate policies, guidelines and procedures are in place to ensure local regulatory requirements relating to technology risk are met.
• Coordinate and support the implementation of Technology Risk Management Framework (TRMF) and Cyber Resilience Framework (CRF)
• Assist in ensuring data protection aspects are properly covered in the governance documents of all systems processing personal data.
• Monitor the implementation of information security and digital data protection standards, policies and procedures within the organization.
• Support operational functions as required to manage technology, information and privacy risk appropriately by providing advice and guidance for PAMB strategic projects and initiatives.

Awareness and Culture

• Coordinate completion of training and awareness.
• Initiates, facilitates and promotes activities to foster information, technology and privacy risk awareness within the organization.
• Provide advice, guidance and training for staffs on local policies, standards, processes, procedures and issues relating to technology risk.

Monitoring and Reporting

• Provide periodic reporting on technology risks to relevant stakeholders, senior management committee and board.
• Coordinate and support the completion of assurance and functional risk reviews, including site visit programs.
• Conduct assurance review, timely reporting and escalation of information, technology and privacy risk

• Support compliance assessment program to ensure compliance with regulatory requirements and best practices related to technology risk.
• Participates in the development, implementation, and ongoing technology risk monitoring to ensure information, technology and privacy concerns, requirements and responsibilities are addressed.

Collaboration with other stakeholders

• Work closely with IT, IT Security, Internal Audit, Compliance, Legal and other relevant stakeholders on information, technology and privacy related matters.

Job Specification:   

Qualifications

• Bachelor Degree in Information Technology, Computer Science, Information Security / Information Risk.

Experience

• Minimum 2 years related working experience in Information Security / Information Risk / IT Security / Risk sector is highly encouraged.

Knowledge & Skills         

• Able to interpret and apply the regulator guidelines and best practices on Information Security and Data Privacy requirements.
• Information Security related certifications such as CISSP, CISM, CEH, CompTIA Security + or similar certification will be added advantage.
• Ability to assess risks of the business as a whole.
• Good and clear communicator, with all levels of staff.
• Possess the ability to work under pressure as well as independently under minimal supervision.
• Understanding of technical controls, to be able to question and assess whether appropriate and in line with requirements.

 

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.