Join the Enterprise Technology Services – Governance & Controls (ETS G&C) team and play a key role in protecting the organization’s information assets and strengthening our internal control environment. In this opportunity, you will conduct risk assessments, support audits, and partner with technology teams to embed effective security controls. You will collaborate closely with the Director, Technology Governance & Control, to ensure compliance with policies and regulatory requirements while contributing to strategic technology initiatives. This role offers the chance to influence enterprise-wide security practices, build cross‑functional partnerships, and grow your expertise in a dynamic and evolving technology risk landscape.
Position Responsibilities
Perform information risk assessments in alignment with global methodologies, policies, and standards across new and existing tools, technologies, and business areas.
Recommend new or enhanced security controls to strengthen enterprise security.
Collaborate with developers, engineers, and support teams to implement and automate security controls, including cloud and container security within CI/CD pipelines.
Perform and maintain RCSAs by evaluating control design and effectiveness, identifying gaps or emerging risks, and partnering with SMEs on remediation and documentation updates.
Develop and support corrective action plans for key controls or measures where deficiencies are identified.
Collaborate with ETS cloud, architecture, IT Asset Management, Infrastructure, Line 2, and control owners to ensure effective execution of risk processes and alignment with enterprise governance standards.
Partner with Line 3 Audit and SMEs to gather/validate evidence, coordinate audit responses, challenge findings, and track deliverables throughout the audit lifecycle.
Govern, operate, and mature the organizational technology risk management program, including reporting program status and key risk metrics.
Review and maintain current knowledge of Information Risk Standards and Technology Risk Policies.
Required Qualifications
Minimum 5 years of progressive experience in Technology Risk, Information Security, or IT Infrastructure/Architecture, ideally within a regulated financial environment.
Strong understanding of cybersecurity and technology risk domains (risk assessment, incident response, network security, cloud security, and regulatory expectations).
Familiarity with regulatory and industry frameworks such as OSFI B‑13, NIST CSF, ISO 27001, CIS Controls, SOC 1/SOC 2, and Cyber/Tech Risk Management practices.
Hands‑on experience with platforms such as Archer, Jira, Confluence, and ServiceNow.
Strong understanding of cloud environments — Azure required, AWS an asset.
University degree in Computer Science, IT, Risk Management, or related discipline; professional certifications (CISSP, CISA, CRISC, CISM) preferred.
Preferred Qualifications
Strong analytical, communication, and stakeholder‑management skills with the ability to influence across diverse teams.
Knowledge of key cybersecurity trends (e.g., ransomware, attack frameworks, zero trust, AI‑driven threats) and emerging cloud‑native technologies (serverless, container orchestration, OT, AI‑focused systems, fintech).
Ability to assess technical controls across network, infrastructure, and cloud environments and evaluate related risks.
Understanding of Generative AI foundations, principles, and tools.
Flexible and adaptable to change.
Superior influencing and negotiation skills; strong consensus‑building abilities.
Demonstrated thought leadership in technology risk and control practices.
Service‑oriented and collaborative mindset with emphasis on trust‑building.
Accountability, transparency, and strong follow‑through in performance.
Persistent in driving efficiencies, process improvements, and strategic enhancements.
Strong industry awareness and understanding of standard processes.
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our distributed team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.
Referenced Salary Location
Toronto, OntarioWorking Arrangement
Salary range is expected to be between
$113,000.00 CAD - $163,000.00 CADEmployees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. If you are applying for this role outside of the primary location, please contact hr@manulife.com for the salary range for your location.
Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact hr@manulife.com for more information about U.S.-specific paid time off provisions.