Lead Systems Analyst, IT Risk & Controls
Wellington Management offers comprehensive investment management capabilities that span nearly all segments of the global capital markets. Our investment solutions, tailored to the unique return and risk objectives of institutional clients in more than 60 countries, draw on a robust body of proprietary research and a collaborative culture that encourages independent thought and healthy debate. As a private partnership, we believe our ownership structure fosters a long-term view that aligns our perspectives with those of our clients.
We are transitioning to a hybrid work environment where both remote work and the office play a critical role. Our vision is a future where all employees are empowered to work flexibly to drive the best outcomes for our clients. Flexible work is a mindset and a core value. Our employees are encouraged to work remotely two days a week as a standard practice and will have flexibility in terms of working hours. POSITION
We are seeking an individual to join our global Information Technology Risk & Controls team to provide second line of defense oversight and governance over the corporate Information Security for China and the greater APAC region.
This role will be a key member of the firmwide IT Risk & Controls team, working with other global representatives to develop standards, processes, and controls at both the local and corporate level, as well as developing processes to monitor the effectiveness of those controls for the local and other APAC regional offices. As part of this role, you will be exposed to some of the latest technologies and approaches.
- Oversight of the implementation of Wellingtons' Information Security and Technology Risk & Controls programs for Wellington's APAC Affiliates.
- Lead risk assessment processes for APAC Affiliates and as part of broader global assessments.
- Regular reporting to and support of the APAC office boards and risk committees
- Regular review of Information Security and Information Technology incidents reported locally or by outside parties used to provide services to assess potential impact to the office and report findings to senior leaders
- Monitoring the adequacy and effectiveness of internal control activities, performing an in-depth analysis of any areas of increasing risk, and escalating areas of concern to senior leaders
- Helping to define and further develop risk management frameworks which are relevant to China and the other APAC offices
- Ensuring intragroup service agreements meet APAC IT and Information Security requirements
- Representing the APAC offices' interests in firmwide committees and working groups
- Development of Key Risk Indicators
- Assist in the design and development of processes and controls to manage risks, inclusive of disaster recovery and business continuity planning
- Develop and deliver Information Security Awareness training across APAC
- Maintain documentation for all local office guidelines, assessments, and reviews
- Alignment with local Compliance function to understand all relevant laws and regulations with regard to information security and information risk for China and the greater APAC region
SKILLS JOB TITLE
- A minimum of 5 years' experience in an Information Security or Information Technology Risk & Controls discipline
- Previous experience assessing, documenting, and communicating Information Security and Information Technology Risk to senior leaders, risk committees and boards
- A strong understanding of, and proven experience working with, regulatory requirements in China, Hong Kong, Singapore, and other APAC regions
- Previous experience leading a second line of defense risk management function
- CISSP, CISA, CRISC, CISM, or CGEIT certification, or proven experience in Information Security and Information Technology risk management including cyber security, data security and personal information protection, etc. is required
- Ability to function independently and as part of a global team who perform similar functions for EMEA and the Americas.
- Excellent oral and written communication skills in Mandarin and English, with a proven ability to effectively interact with teams representing a wide variety of technical and business disciplines.
Lead Systems Analyst, IT Risk & Controls LOCATION
As an equal opportunity employer, Wellington Management ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, sex, sexual orientation, gender identity, gender expression, religion, creed, national origin, age, ancestry, disability (physical or mental), medical condition, citizenship, marital status, pregnancy, veteran or military status, genetic information or any other characteristic protected by applicable law . If you are a candidate with a disability, or are assisting a candidate with a disability, and require an accommodation to apply for one of our jobs, please email us at GMCANINQ@wellington.com .