Technology Risk and Business Continuity Lead

MediCard Phils., Inc. is one of the country's leading HMO and the only HMO founded and run by Doctors. Since its inception, the concept of service-oriented total health care has been the molding ideal of MediCard. The competition is vast, and the benefits being offered by the competitors are tempting. However, MEDICard has taken the lead in providing innovative and productive ideas that cut down the cost of health maintenance without compromising its quality. MediCard now boasts of more than half a million members and over 54,000 accredited doctors in over 1,000 hospitals and clinics nationwide. It also operates 16 MediCard free-standing clinics that provide services at par with those offered by hospitals minus the confinement. MediCard is currently looking for assertive, dynamic and energetic individuals to fill up the following vacancy:

Technology Risk Lead

1. Develop and lead security governance framework & risk portfolio, in accordance with AIA's IT control policies and guidelines.
2. Conduct gap analysis on various regulatory requirements and drive programs to bridge the gap.
3. Lead and coordinate cyber security assessments and industry compliance assessments.
4. Define and supervise relevant KRIs related to IT risks and provide regular updates to the Operational Risk Committee, and update Group Technology Risk when vital.
5. Partner with risk owners to drive the identification and assessment, management and response, monitoring, and controls of data and technology risks on key initiatives and projects.
6. Serve as subject expert in examining Risk Papers of key projects.
7. Drive the establishment of operation processes for leading the life cycle of identity information; user access, and privileged ID usage, protection of the critical data, cloud security, with the use of state-of-the-art vendor solutions.
8. Partner with Group Office to evaluate new tech risk solutions and assess the implementation risk of the group-wide projects.
9. Interface and liaise with business key team members (e.g. HR, PD, Customer Experience, and Transformation, Health & Wellness Strategy Management, etc.) to roll out new Technology Risk initiatives and uplift the security of the business applications.
10. Support the CRO and the Head of Tech Risk & BCM to explore and deliver new and secure IT solutions and evaluate new IT strategic partners.
11. Lead the communications with Group Office, business partners, corporate clients, and other external parties on IT security matters.
12. Develop plans to uplift the technology risk standard and resiliency across the organization.
13. Provide governance and support over IT security, cybersecurity, and cloud security products and services, including but not limited to: identity and access management (IAM), data loss protection (DLP), network security, endpoint and data loss protection, secure file exchanges, and vulnerability management.
14. Supervise security incident response, handling and investigation process.

Business Continuity

1. Maintain the corporate-wide business continuity program that addresses disaster recovery, business recovery, and emergency response management.
2. Work with senior members of the Technology, Operations, and Risk leadership teams to ensure that remediation plans are implemented and tracked accordingly.
3. Lead and support annual business recovery exercises, which may include Dedicated Recovery Sites (DRS), Remote Access, Alternate Office, and Work Transfer, depending on function and location.
4. Help the business functions to conduct periodic Business Impact Analysis, identify recovery requirements, and work with the business continuity coordinators to develop and implement recovery plans in the event of a business disruption.
5. Identify opportunities for strategic improvement or mitigation of business interruption and other risks caused by business, regulatory, or industry-specific change initiatives.
6. Plan and coordinate all business continuity testing and exercises. Coordinate and facilitate regular, complete, and significant BCM tests and post-exercise reports.
7. Work closely with IT, Operations, and other business units to develop/maintain DR plans for critical systems and applications and to ensure that internal recovery sites are updated and functioning properly. This includes reviewing business impact assessment reports and conducting challenge sessions to ensure appropriate tiering and Recovery Time Objective/Maximum Tolerable Period of Disruption levels are assigned.
8. Liaise with Business Continuity Coordinators to develop effective working relationships.
9. Liaise with contract owners and lead the company's BCM readiness assessment for Third Parties.
10. Perform threat and risk assessments pertaining to Business Continuity to identify points of vulnerability, single points of failure, and identify risk avoidance and mitigation strategies.
11. Assist in crisis management as BCM subject matter expert in the event of a business interruption.
12. Provide regular status updates until closure to Group/BU key stakeholders during major incidents.
13. Develop and deliver appropriate BCM education and awareness programs.
14. Develop regular BCM program status reports to Group and local management.
15. Analyze and report on implications of regulatory requirements and industry guidance on BCP/DR programs.