Head of Cyber Risk Management and Resiliency
The Head of Cyber Risk Management and Resiliency provides regional leadership for cyber risk management across all Asia markets supported by the Asia CISO function. The position is responsible for consistent risk interpretation, risk documentation quality, residual risk validation and prioritization of cyber risks across the region. The role leads the Country Cyber Leads (BUSOs) within a centralized regional structure to improve alignment, ensure consistent application of enterprise expectations and strengthen the region’s ability to identify, articulate and manage cyber risks.
The role also provides regional leadership for cyber resiliency, including incident readiness, maintenance of regional incident response playbooks, coordination of simulation routines and support for cross‑market cyber incident management. This includes ensuring alignment with Global Cyber Incident Management requirements and strengthening escalation discipline and cross‑market execution during Priority 1 and Priority 2 incidents.
This is a senior leadership role within the Asia CISO organization. It requires the ability to lead a diverse and geographically dispersed group of Country Cyber Leads (BUSOs), operate effectively across markets with varying levels of maturity and collaborate with senior technology leaders, business stakeholders and regulatory partners across the region.
Position Responsibilities:
Provide regional ownership for cyber risk management across Asia, including consistent interpretation of cyber risks, residual risk validation and documentation quality for Issues, Corrective Action Plans and Exception Requests.
Lead the Country Cyber Leads (BUSOs) as a unified regional team to ensure consistent application of standards, alignment with enterprise risk expectations and effective engagement with market technology leaders and regulators.
Oversee the quality and clarity of risk documentation to support accurate, defensible and consistent articulation of cyber risks across all markets.
Lead regional cyber resiliency, including incident readiness practices, maintenance of playbooks, coordination of simulation exercises and alignment with global incident management processes.
Provide regional leadership during cross‑market cyber incidents, ensuring effective communication, escalation discipline and execution of Global Cyber Incident Management directives.
Aggregate and analyze regional cyber risk themes, patterns and systemic issues to provide actionable insights to Asia leadership and global stakeholders.
Partner with Security Risk Assessment and Advisory, Security Engineering and Program Delivery to ensure risk management practices are embedded consistently across transformation initiatives.
Support regulatory and audit interactions by ensuring consistent and complete risk documentation and by providing regional interpretation of cyber risk posture.
Accountability for regional cyber risk interpretation across all Asia markets.
Final decision authority for residual risk validation and the adequacy of risk documentation for Issues, Corrective Action Plans and Exception Requests.
Ownership of regional incident readiness and associated playbooks, simulation plans and expectations.
Lead regional aggregation and reporting of cyber risk themes and systemic exposures.
Provide final escalation decisions on cyber risk matters requiring regional intervention.
Work with Country Cyber Leads (BUSOs) to maintain local engagement with market technology leadership while ensuring consistent regional standards and expectations.
Collaborate with Security Risk Assessment and Advisory to ensure assessment outcomes are incorporated into risk decisions and prioritization across markets.
Coordinate with Line 1B Technology Risk for workflow processes involving tracking, timelines and documentation management.
Partner with Security Engineering and Enablement and architecture functions to ensure risk treatment strategies reflect technical constraints and enterprise requirements.
Engage Cyber Program Delivery to ensure cyber risk management activities are aligned with regional transformation timelines and dependencies.
Required Qualifications:
Extensive experience (typically 12 or more years) in cyber risk management, cyber resilience or cybersecurity leadership roles across multiple markets.
Strong understanding of enterprise cyber risk frameworks, global incident management processes and regulatory expectations across Asian jurisdictions.
Proven ability to lead diverse regional teams, build alignment across markets with varying maturity and influence senior technology and business stakeholders.
Experience coordinating incident response activities, readiness planning and conducting structured simulation exercises.
Strong analytical and communication skills, including the ability to interpret and articulate complex cyber risks for a non-technical audience.
Experience supporting regulatory inspections, supervisory interactions or audit processes.
Professional certifications such as CISSP, CISM or CRISC are preferred.
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.
Working Arrangement