The Manager, Information Risk Assurance is a broadly scoped and highly leveraged role, requiring an analytical and problem-solving mindset combined with strong communication, collaboration, and time management skills.
Responsibilities include but are not limited to:
Partnership with other lines of defense to self-identify controls’ improvement areas and corrective action plans
Risk management services, including assessment of information and technology risks, leveraging control frameworks
Assurance of information risk assessment process, controls testing and conclusion validation according to Global IRM (GIRM) L2 assurance guidelines
Help standardize and continuously improve the evolving assurance processes and procedures
Introduction of opportunities to continuously improve the Service Assurance and Risk Monitoring (SARM) maturity
Supporting SARM in the planning of assurance based on an assessment of risks and controls
Support building and developing the automation processes (e.g., Automated Control Testing)
Key Responsibilities:
Perform assurance activities in the areas of business continuity management, incidents, KRIs, KPIs, ODF initiatives and change, third party risk management, IT asset inventory, vulnerability management, network security, application security, cryptographic safeguard, penetration and access, and other information security areas.
Execute assurance projects in full recognition of the company's risks, which encompass inherent risks, control risks, and internal/external environment and regulatory risks. This may encompass individual segment engagements and broader assurance engagements for global-level or enterprise-level functions/processes.
Ensure that all assurance procedures executed are conducted in accordance with Global IRM Methodologies
Understand Information Technology control environment to conduct the assurance for risk assessments of the effectiveness and efficiency of internal controls and operating practices.
Support multiple simultaneous assurance projects to ensure time and quality objectives are met. Escalate potential budget over-runs and resourcing concerns to the Engagement Lead in a timely manner.
Work with the IROs and their teams to ensure process assurance of the key risks and gaps identified from assurance engagements, and to further track and report on management corrective action plans as required.
Participate in assurance timeline planning and keep pace with both internal drivers (IRM standards and Technology processes) and external drivers (technology, regulations, risks, and control standards).
Stay abreast of evolving information and technology risks, new regulations, laws and requirements for technology, information security, cybersecurity, and privacy across the company's jurisdictions.
Help to provide “big picture” insights based upon knowledge and research enhancing GIRM Assurance COE’s value proposition with senior leadership and business groups which include Global and Divisional Information Services teams, Global Privacy and Compliance, Operational Risk Management and Audit Services executives and others within other second and third line of defense teams (Audit Services, Operational Risk, Compliance, Investigative Services, Enterprise Risk, etc.).
Qualifications:
Minimum 5 years of progressive experience in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes, and deliverables within a large enterprise
University degree (Computer Science or related discipline preferred)
Understanding or working knowledge of cybersecurity concepts, such as Security Operations (Vulnerability Management, DLP, SIEM, etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture, etc.), Cyber Security, etc.
Understanding or working knowledge of Network and Network Security concepts and tools, such as Network Access Controls, Intrusion Detection and Prevention, TACACS/RADIUS (central authentication), Network Penetration Testing, red teaming, etc.
Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, and ethical hacking / cyber security tools, e.g., Qualys, Splunk, Netskope, Zscaler, etc.
Working knowledge of other technology infrastructure concepts, processes, and associated risks, such as Active Directory, Operating System, On-premises Data Center, etc.
Previous risk advisory consulting experience is preferred
Sound knowledge of best practices of various aspects of information risk management
Experience in any of the lines of defense
Experience analyzing complex data sets
Prior experience assessing or auditing various software development environments, including Agile
Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations.
In-depth knowledge of system development methodologies, cyber and network security processes, and regulatory requirements.
Preferred Qualifications:
Knowledge of IT Assurance, IT audit, information security, risk management and/or compliance
Recognized professional designations in Information Security, Audit and Business Continuity (e.g., CISSP, CISA, CISM, CEH, CRISC, FAIR, MBCP)
Excellent influencing and negotiation skills; professional presence; ability to navigate a matrix environment and influence across different areas and levels of management in IRM, Audit Services and Technology
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.
Working Arrangement