The Technology Risk and Third-Party Risk Management Manager will be responsible for overseeing and managing all aspects of outsourcing, cloud outsourcing, and third-party risk management within the organization. This role requires a deep understanding of regulatory compliance, risk management, and cloud computing technologies. The successful candidate will ensure that all outsourcing and third-party arrangements comply with relevant laws and regulations, mitigate associated risks, and maintain the confidentiality, integrity, and availability of data.

Position Responsibilities:

• Facilitate the development, implementation, and maintenance of an outsourcing and vendor management governance framework, along with policies and procedures aligned with industry standards and regulatory requirements.
• Ensure the Outsourcing Policy and Governance are properly followed while addressing Local/Group requirements from compliance, security, business continuity, finance, and tax standpoints with appropriate documentation in place.
• Conduct comprehensive risk assessments and due diligence for outsourcing, cloud outsourcing, and third-party arrangements.
• Develop and implement risk management frameworks and policies for traditional and cloud outsourcing, and third-party risk management.
• Manage relationships with service providers and third parties, including vendor selection, contract negotiation, security clause and performance monitoring.
• Ensure compliance with regulatory requirements, including OSFI B-10, OSFI E-21, GDPR, PDPO, etc.
• Implement robust security controls and data protection measures, including SOC 2, ISO 27001, COBIT, and NIST frameworks.
• Oversee business continuity planning and disaster recovery for outsourced and third-party services.
• Conduct regular due diligence and reviews of outsourcing and third-party arrangements to ensure compliance and effectiveness.
• Collaborate with response teams to ensure ongoing monitoring and effective governance of outsourcing arrangements.
• Produce concise reports for management review regarding the status of outsourcing management.
• Monitor and provide guidance to business units on controls and governance processes related to outsourcing requirements.
• Recommend improvements to enhance company-wide awareness of outsourcing practices.
• Stay updated with the latest trends and developments in outsourcing, cloud computing, and third-party risk management.

Required Qualifications:

• Bachelor’s degree in Business Administration, Enterprise Risk Management, Corporate Administration and Governance, Computer Science, Information Technology, or a related field.
• Minimum of 5 years in outsourcing management or third-party risk management (TPRM) or Technology Risk, preferably in financial institutions or the insurance industry.
• Preferred knowledge of regulatory requirements, particularly in outsourcing management. Regulatory bodies include Hong Kong Insurance Authority (IA), Mandatory Provident Fund Schemes Authority (MPFA), Monetary Authority of Macao (AMCM), and Office of the Superintendent of Financial Institutions (OSFI) in Canada.
• Ability to work independently and manage multiple tasks concurrently.
• Experience in reviewing legal documents, contract clauses, addendums, and Scope of Work (SoW).
• Risk Management / Internal Controls / TPRM related accreditation would be desirable.
• Proficiency in written and spoken English and Chinese languages. Capable of reading and writing in Simplified and Traditional Chinese.

Preferred Certification:

• Certified Outsourcing Professional (COP)
• Certified Outsourcing Management Professional (ISO37500)
• Certified Third-Party Risk Management Professional (C3PRMP)
• Certified Information Privacy Professional (CIPP)
• Project Management Professional (PMP)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Certificate of Business Continuity Institute (CBCI)

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.

關於宏利和恒康

宏利金融公司是一家業界領先的國際金融服務集團，致力於幫助人們實現「輕鬆智選，精彩人生」。我們的全球總部位於加拿大多倫多；在亞洲、加拿大和歐洲以「宏利」之名營運，在美國主要以「恒康」之名營運。我們為個人、團體和機構提供財務諮詢、保險以及財富和資產管理解決方案。截至 2022 年底，我們擁有超過 40,000 名員工、超過 11.6 萬名代理人，及數以千計的經銷夥伴，為超過 3400 多萬名客戶提供服務。截至 2022 年底，我們管理的資產規模達 1.3 兆加元（1.0 兆美元），其中投資資產總額為 0.4 兆加元（0.3 兆美元），獨立基金淨資產為 0.3 兆加元（0.3 兆美元）。我們在多倫多、紐約和菲律賓的證券交易所以「MFC」名稱進行交易，在香港證券代碼為「945」。

宏利為重視就業機會平等之雇主
在宏利／恒康，我們擁抱多元。我們致力吸引、發展並留住多元化的員工隊伍，正如我們所服務的客戶一樣多元化，並打造包容的工作環境，在充分發揮文化優勢的同時尊重個體差異。我們矢志維持公平的招聘、挽留、晉升及薪酬制度，我們管理的所有實踐及項目不會因種族、血統、原籍地、膚色、族裔、国籍、宗教或宗教信仰、信仰、性別（包括懷孕及其相關情況）、性取向、遺傳特徵、退伍軍人身份、性別認同、性別表達、年齡、婚姻狀況、家庭狀況、殘疾或受適用法律保護的任何其他因素而區別對待。

我們的首要任務是消除障礙，為員工提供平等就業機會。人力資源部代表將盡力為應徵過程中提出要求的申請人提供合理協助。  申請人要求提供協助所分享的信息將會按照適用法律及宏利政策儲存及使用。  應徵過程中如需協助，請聯絡[via CTgoodjobs Apply Now]