Manulife is seeking a Director, Information Risk Management to oversee the execution of independent second‑line challenge and oversight across technology, data, operational resilience, and enterprise risk programs. Reporting directly to the AVP, Information Risk Officer for Group Functions, this role has full accountability for delivery, quality, and execution of all second-line oversight activities performed by the team.
This role ensures all assessments and oversight outputs adhere to second‑line expectations, risk governance standards, and Manulife’s risk appetite—while providing high‑quality risk insights to senior stakeholders.
Key Responsibilities
Independent Challenge & Oversight Leadership
Lead the design, execution, and continuous improvement of second‑line challenge across technology, data, and operational risk domains.
Provide authoritative, evidence‑based challenge of first‑line risk assessments, control designs, remediation plans, and risk acceptances.
Formulate, approve, and present second‑line risk opinions with clear rationales and traceable evidence.
Act as a key escalation point for material risks, systemic issues, and governance concerns requiring senior management attention.
Oversight Across Key Risk Programs
The Director ensures consistent, high‑quality oversight of second‑line programs, including:
Risk & Control Self-Assessments (RCSAs)
Oversee the review and challenge of all technology, data, and operational RCSAs.
Ensure the team identifies underassessed risks, inadequate controls, or rating inconsistencies across domains.
Third‑Party / Vendor Technology Risk Oversight
Oversee challenge activities related to vendor inherent risk scoring, due diligence, control adequacy, and residual risk.
Ensure elevation of risks related to critical vendors, cloud providers, and high‑impact technology services.
Initiative & Change Risk Oversight
Direct the team’s oversight of high‑impact programs, platform initiatives, and IT transformations.
Challenge the sufficiency of first line mitigation strategies during design, deployment, and implementation phases.
Reportable Events & Incident Oversight
Ensure rigorous second‑line review of incidents, classification, root‑cause analysis, and thematic trends.
Escalate patterns of recurring issues and systemic control failures to senior leadership.
Issue Management (Risk Acceptances & CAPs)
Oversee challenge of risk acceptance, ensuring alignment to appetite and regulatory expectations.
Validate that corrective action plans are feasible, time‑bound, and meaningfully reduce risk.
BCM, DR, and Critical Operations Oversight
Provide oversight and challenge of business continuity plans, disaster recovery testing, and resilience controls.
Ensure effective identification of critical operations and realistic recovery objectives.
Team Oversight, Delivery Management & Quality Assurance
Leadership
Oversee the Manager and Analyst pool to ensure coordinated delivery of oversight work.
Provide leadership, direction, and prioritization of the work program across all supported domains.
Accountability for Execution & Delivery
Hold direct accountability for end‑to‑end execution, ensuring all oversight assessments, analyses, and challenge activities meet scope, deadlines, and quality expectations.
Ensure work is appropriately resourced, sequenced, and aligned to risk priorities and governance commitments.
Quality Assurance & Standards Adherence
Review, approve, and sign off on all second‑line deliverables before they are shared with Directors, AVPs, executives, and governance forums.
Ensure all outputs are well‑evidenced, consistent, analytically sound, and aligned with regulatory requirements and internal standards.
Data Analysis & Second‑Line Risk Insights
Direct thematic analysis across risk data, identifying emerging risks, systemic issues, and cross‑domain patterns.
Own the delivery of risk reporting packages, dashboards, and oversight summaries for senior leadership, committees, and regulatory interactions.
Ensure risk intelligence is decision‑grade, insight‑driven, and timely.
Automation, Generative AI & Agentic AI Enablement
Champion the adoption of workflow automation, Generative AI, and Agentic AI to enhance oversight effectiveness and scalability.
Oversee integration of AI‑assisted evidence review, continuous monitoring, and analytical tooling into second‑line processes.
Ensure governance, explainability, and reliability standards are met for AI‑enabled oversight capabilities.
Stakeholder Engagement & Influence
Serve as a trusted advisor to Group IRO leadership, technology and data executives, and cross‑functional governance forums.
Communicate second‑line challenge outcomes with authority, clarity, and strategic insight.
Represent the second line at senior leadership meetings, risk committees, and cross‑functional working groups.
Maintain independence while fostering strong, effective partnerships across the enterprise.
Key Outcomes
High‑quality, consistent, enterprise‑wide second‑line oversight across all technology and data risk domains.
Timely delivery of oversight commitments, regulatory expectations, and governance requirements.
Strengthened risk appetite alignment and improved risk posture across the organization.
Effective use of AI‑enabled oversight, automation, and data-driven risk intelligence.
Enhanced regulatory confidence in Manulife’s second‑line governance and assurance model.
Required Qualifications
8-10 years of experience in Information Risk, Technology Risk, Cybersecurity, Operational Risk, or GRC.
Strong experience leading second‑line or audit-style oversight programs across global enterprises.
Proven ability to deliver complex, multi‑domain oversight programs with accountability for quality and timeliness.
Ability to lead blended teams (onshore and offshore) through influence, guidance, and technical direction.
Deep knowledge of cloud, infrastructure, data platforms, resilience, and enterprise IT environments.
Familiarity with regulatory frameworks (ISO, NIST, COBIT, CSA/CCM, OSFI, etc.).
Experience with Generative AI, automation workflows, or continuous control monitoring tools is preferred.
Excellent communication, risk judgment, and stakeholder engagement skills.
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.
Working Arrangement