We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.
Working Arrangement
Hybrid
Job Description
The Global Information Risk Management, Group Functions IRM team is actively searching for an experienced Senior Manager Information Risk Management.
This is a 2nd line of defense Information Risk Management (IRM) role which is a individual contributor role. The incumbent will assist the Director by executing objective assessments within different areas in Group Functions, Enterprise Technology & Services (ETS), and Global Data Technology to support information risk program and the team’s oversight and challenge, which will include key focus on areas such as information, technology, continuity and regulatory risks and controls. This will involve collaboration and partnership with 1st line of defense IT Governance, IT Teams, ORM (Operational Risk Management), Compliance, IRM 2nd line Assurance Center of Excellence (CoE) team and IRM 2nd line Practice Area teams.
The incumbent will be part of a team which will work with different areas within Group Functions, ETS, and GDT to perform objective assessments related to significant initiatives, vendors, and incidents. This insight and understanding will inform the segment level Information Risk Committee and management of areas of control weakness and risk, helping decision makers drive prioritized continuous improvement within their control environments. In addition, this role will have an understanding within the areas they support of the risks and risk treatment, perform control assurance tests on 1st line of defense control tests and review control exception requests.
You’ll be part of the wider Information Risk Management and Enterprise Risk community. You’ll join a world-class company known for its commitment to diversity, community involvement and work-life balance via the WorkSmart program which provides Hybrid working arrangement.
Responsibilities:
Act as a Product Line owner as required within the Oversight & Engagement team covering specific oversight area(s) to understand the team’s requirements as part of the associated standards and methodologies, engage associated practice area leaders and develop operational process and procedures to execute.
Produce and contribute to team reporting to risk partners and 2nd Line leadership which will provide data driven assurance statements and highlight risks associated with control deficiencies in a way that fosters collaboration and continuous improvement.
Build a wide understanding of products, capabilities and services for the areas supported by engaging IT teams which will include key focus on areas such as information, technology, continuity and regulatory risks and controls.
Conduct objective assessment on 1st Line team’s control testing evidence and provide opinion to management regarding effectiveness of the control testing activities.
Conduct objective assessment on 1st Line team’s control effectiveness review, root cause analysis and associated impact details of significant incidents and provide opinion to management regarding effectiveness of such activities.
Conduct objective assessment on 1st Line team’s significant IT vendor risk assessment and provide opinion to management regarding effectiveness of the review to support vendor risk concurrence activities and help 1st Line teams with appropriate identification and remediation of areas of control weakness and risk.
Conduct objective assessment on 1st Line team’s significant IT initiative risk assessment and provide opinion to management regarding effectiveness of the review to support initiative risk concurrence activities and help 1st Line teams with appropriate identification and remediation of areas of control weakness and risk.
Conduct objective assessment on 1st Line team’s Issue remediation activities and provide opinion to management regarding effectiveness of such remediation activities. Take on additional responsibilities as necessary
Knowledge/Skills/Competencies/Education:
5 years or more of progressive information risk management experience in one or more disciplines: project/vendor risk assessment, network security, infrastructure/platform security, data/application security, vulnerability/patch management, IT auditing, IT risk and control assessments, and business continuity/disaster recovery planning.
Working knowledge and experience in the following areas is a plus:
Cloud Services (i.e. IaaS, PaaS, SaaS)
Midrange technologies (i.e. Windows, Unix, DB's, Middleware, Business Applications, Presentation, Monitoring and Management tools).
Windows and related services (i.e. Active Directory, DNS, IIS, MSSQL), Active Directory Federated Services and Protocols (i.e. ADFS, SAML)
Networking technologies (TCP/IP, DNS, routing, switching, firewalls, LAN/WAN, etc)
Remote Desktop Services (i.e. Citrix, VDI)
Collaboration and messaging platforms (i.e. Office 365, Sharepoint)
Mobile Devices along with Mobile Device Management / Mobile Application Management Platforms and Services
DevOps teams and associated platforms (i.e. Terraform, Concourse, Chef, Ansible)
Security Operations Platforms (i.e. SIEM, IDS, IPS, etc)
Professional certification or designation in information security, IT auditing, business continuity and/or disaster recovery a plus, but not a requirement.
Post-secondary diploma or degree in computer science fields of study is preferred.
Excellent communication skills (oral and written) including presentation skills with demonstrated ability to present at all organizational levels.
Ability to work independently and as part of a team, managing multiple priorities across several service areas.
Experience with FAIR or comparable quantitative risk management frameworks is a plus
Innovative problem-solving skills with proven ability to exercise flexibility and judgement.
Ability to learn, know and act upon what is important to Manulife and the specific service areas you support.
Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment.
Experience implementing and/or supporting a large-scale corporate enterprise solution.
Previous experience in the Financial, Insurance or Healthcare sectors considered an asset.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges, and under ‘945’ in Hong Kong.
Manulife is an Equal Opportunity Employer
At Manulife /John Hancock , we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour , ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process . All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies . To request a reasonable accommodation in the application process, contact .
Salary & Benefits
The annual base salary for this role is listed below.
Primary Location
Toronto, Ontario
Salary range is expected to be between
$84,375.00 CAD - $151,875.00 CAD
If you are applying for this role outside of the primary location, please contact for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.
Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact for more information about U.S.-specific paid time off provisions.