Information Assurance Manager

The Opportunity

The Manager, IRM Control Assurance Testing is a broadly-scoped and highly-leveraged role, requiring analytical and problem-solving mindset combined with strong communication, collaboration, and time management skills.

Reporting to the Director, IRM Control Assurance Testing, the incumbent will be responsible for executing and providing an objective assessment, on behalf of the 2nd line of defense, of the risk management activities conducted by the 1st line in their duties related to the ownership of respective end to end processes, for the purpose of providing management and audit services confidence that risk is properly managed by the business.

Assurance assessment will be conducted using a sample-based approach to test the 1st line control design and operating effectiveness, as well as the soundness of processes and methodologies.

Responsibilities include but are not limited to:

• Partnership with other lines of defense to self-identify controls’ improvement areas and corrective action plans

• Risk management services including assessment of information and technology risks, leveraging control frameworks

• Assurance of information risk assessment process, controls testing and conclusion validation according to Global IRM (GIRM) L2 assurance guidelines

• Help with the evolving assurance processes and procedures standardization and continuous improvement

• Introduction of opportunities to continuously improve the iCAT maturity

• Supporting iCAT in the planning of assurance based on an assessment of risks and controls

• Support building and developing the iCAT automation processes

Requirements:

• Minimum 5 years of progressive experience in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes, and deliverables within a large enterprise

• University degree (Computer Science or related discipline preferred)

• Understanding or working knowledge of cybersecurity concepts, such as, Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Cyber Security etc.

• Understanding or working knowledge of Network and Network Security concepts and tools, such as, Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing, red teaming etc.

• Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools e.g., Qualys, Splunk, Netskope, Zscaler etc.

• Working knowledge of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, Operating System, On-premises Data Center etc.

• Previous risk advisory consulting experience is preferred

• Sound knowledge of best practices of various aspects of information risk management

• Any of lines of defense experience

• Experience analyzing complex data sets - Prior experience assessing or auditing various software development environments, including Agile.

• Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations.

• In-depth knowledge of system development methodologies, cyber and network security processes, and regulatory requirements.

Competencies:

• Results oriented with a keen focus on quality and delivering value; ability to balance multiple priorities and projects; strong attention to detail while retaining focus on the “big picture” and top risks; flexible and organized with the ability to oversee multiple projects concurrently

• Strong communication, consulting, and report writing skills

• Problem solving, analytical, innovative, and strategic thinker

• Strong stakeholder’s alignment skills

• Strong presentation and facilitation skills to all levels and audiences

• Ability to develop and maintain strong relationships

• Strong team player (collaborative)

• Strong time management and organizational skills to manage multiple tasks and changing priorities

• Strong competencies in collaboration and problem solving

• Knowledge of the regulatory environments in the U.S. and Canada

• Knowledge of IT Assurance, IT audit, information security, risk management and/or compliance

• Recognized professional designations in Information Security, Audit and Business Continuity (e.g., CISSP, CISA, CISM, CEH, CRISC, FAIR, MBCP)

• Excellent influencing, and negotiation skills; professional presence, ability to navigate a matrix environment and influence across different areas and levels of management in IRM, Audit Services and Technology

• Demonstrated ability to work effectively in diverse environments and cultures, over multiple office locations

• Ability to identify opportunities to utilize data analytics for enhanced depth and breadth of assurance coverage

What motivates you?

• You obsess about customers, listen, engage and act for their benefit.

• You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.

• You thrive in teams and enjoy getting things done together.

• You take ownership and build solutions, focusing on what matters.

• You do what is right, work with integrity and speak up.

• You share your humanity, helping us build a diverse and inclusive work environment for everyone.

What can we offer you?

• A competitive salary and benefits packages.

• A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.

• A focus on growing your career path with us.

• Flexible work policies and strong work-life balance.

• Professional development and leadership opportunities.

Our commitment to you

• Values-first culture
  We lead with our Values every day and bring them to life together.

• Boundless opportunity
  We create opportunities to learn and grow at every stage of your career.

• Continuous innovation
  We invite you to help redefine the future of financial services.

• Delivering the promise of Diversity, Equity and Inclusion
  We foster an inclusive workplace where everyone thrives.

• Championing Corporate Citizenship
  We build a business that benefits all stakeholders and has a positive social and environmental impact.

#LI-hybrid

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.

Salary range is expected to be between

If you are applying for this role outside of the primary location, please contact recruitment@manulife.com for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact recruitment@manulife.com for more information about U.S.-specific paid time off provisions.