Manulife is seeking a Manager, Information Risk Management to lead the execution of independent second line challenge and oversight activities across technology, data, and operational risk. Reporting to Director, IRM, IRO, this role provides analysis, challenge, and governance scrutiny to ensure first line risk practices meet Manulife’s risk appetite, standards, and regulatory expectations.
The Manager provides expert-level independent oversight (not operational ownership) across:
Key Responsibilities:
Risk & Control Self-Assessments (RCSAs)
Perform deep‑dive reviews of RCSAs across technology, data, and operations.
Challenge the accuracy of risk identification, inherent/residual ratings, and control assertions.
Identify under‑assessed risks, inadequate controls, or inconsistencies across assessments.
Third‑Party / Vendor Technology Risk
Challenge first‑line due diligence results, inherent risk scoring, and compensating controls.
Evaluate adequacy of vendor oversight for cloud, SaaS, critical providers, and high‑risk technology services.
Provide second‑line opinion on residual risk and required mitigation.
Initiative & Change Risk Oversight
Review major programs, platform changes, and technology transformations for risk impact.
Challenge assumptions around control design, architecture changes, and implementation risk.
Assess adequacy of first‑line mitigation plans for risks introduced by new solutions.
Reportable Events & Incident Oversight
Review incident documentation, severity classification, and root‑cause analysis.
Challenge the completeness of event investigations and recurrence prevention plans.
Identify thematic trends across events for reporting to senior leadership.
Issue Management (Risk Acceptances & Corrective Action Plans)
Challenge the validity and appropriateness of first‑line risk acceptances.
Evaluate corrective action plans for feasibility, urgency, and expected risk reduction.
Validate CAP closure evidence from a second‑line perspective.
BCM, DR & Critical Operations Oversight
Independently review business continuity plans, disaster recovery testing outcomes, and resilience maturity.
Challenge critical operations classification, recovery objectives, and testing sufficiency.
Identify gaps requiring escalation or thematic risk reporting.
Data Analysis & Second-Line Risk Insights
Conduct advanced analysis of enterprise risk datasets (issues, events, assessments, controls, testing).
Identify emerging risk themes, systemic control weaknesses, or concentration risk.
Produce decision‑grade risk intelligence and oversight insights for Directors, AVPs, and executives.
Support the development of consolidated second‑line opinions for senior governance forums.
Automation, Generative AI & Agentic AI Enablement
Leverage Generative and Agentic AI to enhance oversight efficiency, evidence review, and thematic analysis.
Support adoption of automated workflows, continuous monitoring, and AI‑based risk detection.
Assess the reliability and explainability of AI‑generated insights used for second‑line challenge.
Identify opportunities to increase automation maturity within risk oversight processes.
Stakeholder Engagement
Serve as a trusted advisor to directors, AVPs, first‑line technology leaders, and centers of excellence.
Communicate second‑line challenge outcomes with clarity, evidence, and constructive business engagement.
Influence senior stakeholders while maintaining second‑line independence and objectivity.
Represent second‑line viewpoints in assessments, risk discussions, and governance forums.
Required Qualifications
6–10+ years of experience in Information Risk, Technology Risk, Cyber Risk, GRC, or Operational Risk.
Experience performing independent second‑line oversight or audit-style review activities.
Strong understanding of technology, data, cloud, infrastructure, and operational resilience risks.
Ability to evaluate complex risk scenarios and form well‑supported second‑line opinions.
Experience with risk programs (RCSA, third‑party risk, issues, incidents, BC/DR, change risk).
Familiarity with GRC platforms such as Archer, ServiceNow, or Fusion.
Knowledge of regulatory frameworks and standards (ISO, NIST, COBIT, CSA/CCM, OSFI, etc.).
Exposure to Generative AI, Agentic AI, automation tools, or continuous monitoring technologies.
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.
Working Arrangement