diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/03-ibm-manage-update_Job.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/03-ibm-manage-update_Job.yaml
new file mode 100644
index 00000000..bd14495f
--- /dev/null
+++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/03-ibm-manage-update_Job.yaml
@@ -0,0 +1,167 @@
+{{- if (eq .Values.mas_app_id "manage") }}
+{{- if and (.Values.mas_appws_spec.settings.db.upgrade) (.Values.mas_appws_spec.settings.db.upgrade.upgradeType) }}
+{{- if (eq .Values.mas_appws_spec.settings.db.upgrade.upgradeType "onlineUpgrade") }}
+
+{{ $ns        :=  .Values.mas_app_namespace }}
+{{ $np_name   :=  "mas-manage-update-np" }}
+{{ $role_name :=  "mas-manage-update-role" }}
+{{ $sa_name   :=  "mas-manage-update-sa" }}
+{{ $rb_name   :=  "mas-manage-update-rb" }}
+{{ $job_label :=  "mas-manage-update-job" }}
+
+---
+# Permit outbound communication by the Job pods
+# (Needed to communicate with the K8S HTTP API and AWS SM)
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: {{ $np_name }}
+  namespace: {{ $ns }}
+  annotations:
+    argocd.argoproj.io/sync-wave: "602"
+{{- if .Values.custom_labels }}
+  labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+  podSelector:
+    matchLabels:
+      app: {{ $job_label }}
+  egress:
+    - {}
+  policyTypes:
+    - Egress
+
+---
+# Service account that is authorized to read k8s secrets (needed by the job)
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ $sa_name }}
+  namespace: {{ $ns }}
+  annotations:
+    argocd.argoproj.io/sync-wave: "602"
+{{- if .Values.custom_labels }}
+  labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ $role_name }}
+  namespace: {{ $ns }}
+  annotations:
+    argocd.argoproj.io/sync-wave: "602"
+{{- if .Values.custom_labels }}
+  labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+rules:
+  - verbs:
+      - get
+      - list
+      - patch
+    apiGroups:
+      - "apps.mas.ibm.com"
+    resources:
+      - manageworkspace
+      - manageofflineupgraderequest
+
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ $rb_name }}
+  namespace: {{ $ns }}
+  annotations:
+    argocd.argoproj.io/sync-wave: "603"
+{{- if .Values.custom_labels }}
+  labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ $sa_name }}
+    namespace: {{ $ns }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ $role_name }}
+
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: mas-manage-update-v1-{{ omit .Values "junitreporter" | toYaml | adler32sum }}
+  namespace: {{ $ns }}
+  annotations:
+    argocd.argoproj.io/sync-wave: "604"
+{{- if .Values.custom_labels }}
+  labels:
+{{ .Values.custom_labels | toYaml | indent 4 }}
+{{- end }}
+spec:
+  schedule: {{ .Values.manage_update.schedule | default "0 0 * * *" }}
+  concurrencyPolicy: Replace
+  suspend: false
+  jobTemplate:
+    metadata:
+      labels:
+        app: {{ $job_label }}
+{{- if .Values.custom_labels }}
+{{ .Values.custom_labels | toYaml | indent 8 }}
+{{- end }}
+    spec:
+      containers:
+        - name: run
+          image: quay.io/ibmmas/cli:latest
+          imagePullPolicy: IfNotPresent
+          resources:
+            limits:
+              cpu: 200m
+              memory: 512Mi
+            requests:
+              cpu: 10m
+              memory: 64Mi
+          env:
+            - name: MAS_APP_NAMESPACE
+              value: {{ .Values.mas_app_namespace }}
+            - name: MAS_APP_ID
+              value: {{ .Values.mas_app_id }}
+            - name: MAS_INSTANCE_ID
+              value: {{ .Values.instance_id }}
+            - name: MAS_WORKSPACE_ID
+              value: {{ .Values.mas_workspace_id }}
+          command:
+            - /bin/sh
+            - -c
+            - |
+
+              set -e
+              echo
+              echo "================================================================================"
+              echo "Check if we need to set the ManageOfflineUpgradeRequest stage to Requested"
+              echo "================================================================================"
+              echo
+
+              ONLINE_UPDATE_DONE_MSG="Database online upgrade portion is done, waiting for offline request."
+              MANAGE_DBREADY_MSG=$(oc get ManageWorkspace -n ${MAS_APP_NAMESPACE} ${MAS_INSTANCE_ID}-${MAS_WORKSPACE_ID}" -o=jsonpath="{.status.conditions[?(@.type=='DBReady')].message}")
+              if [[ $MANAGE_DBREADY_MSG == *"$ONLINE_UPDATE_DONE_MSG"* ]]; then
+                echo "ManageWorkspace indicates it is ready for offline upgrade: ${MANAGE_DBREADY_MSG}"
+                oc patch -n ${MAS_APP_NAMESPACE} manageofflineupgraderequests.apps.mas.ibm.com manageofflineupgraderequest-${MAS_WORKSPACE_ID} -p '{"spec":{"stage":"requested"}}'
+              else
+                echo "The ManageWorkspace does not indicate it is ready for offlineupgrade, so do nothing : ${MANAGE_DBREADY_MSG}"
+              fi
+              
+
+      restartPolicy: Never
+      serviceAccountName: {{ $sa_name }}
+  backoffLimit: 4
+
+
+{{- end }}
+{{- end }}
+{{- end }}