AVP, Cyber Risk Governance & Regulatory Oversight– Global Risk

Manulife is seeking a highly experienced AVP of Cyber Risk Governance & Regulatory Oversight to join our Global Information & Cyber security risk function as part of our second line oversight. This pivotal role will provide strategic leadership and independent oversight of our cybersecurity risk and compliance programs, reporting directly to the VP of Information & Cyber Security Risk within our Global Risk team. The successful candidate will play a crucial role in ensuring our organization's adherence to global cybersecurity regulations, including OSFI B-13, OSFI Integrity & Security guidelines, SWIFT, PCI, and emerging AI compliance requirements. They will possess expertise in navigating the complexities of these frameworks, as well as in addressing threats posed by other sophisticated adversaries. The AVP will leverage industry-leading frameworks such as NIST and ISO to safeguard our operations and support our strategic objectives across all regions. They will also work to strengthen our resilience against critical threats, integrating insights from global threat intelligence to proactively manage risks.

Position Responsibilities:

• Leadership & Independent Oversight: Provide strategic leadership and independent oversight of cybersecurity risk, ensuring alignment with Manulife's strategic objectives. Perform independent evaluations using frameworks such as NIST and SWIFT to assess and enhance our cybersecurity posture. Interpret and oversee adherence to industry regulations, including OSFI, Solvency II, ISO, HKMA, PCPD, MAS, and PDPC, with a focus on financial data integrity, operational & cyber resilience, and customer trust. Lead initiatives to continually evaluate and enhance risk management processes, ensuring they are robust and responsive to evolving threats.

• Risk Taxonomy & Risk Appetite: Work with Enterprise Risk Management to refine Manulife’s cybersecurity risk taxonomy and risk appetite frameworks to reflect the complex regulatory environment.

• Cyber Regulatory Oversight: Oversee and challenge adherence to cyber regulatory requirements, ensuring accurate interpretation and compliance by the first line with critical industry regulators, including OSFI B-13, OSFI's security and integrity guidelines, and other global regulatory bodies. Emphasize the interpretation and implementation of regulatory requirements that enhance resilience and risk management, supporting national security and ensuring the protection of sensitive policyholder information to maintain industry trust. Stay at the forefront of emerging technologies and regulatory changes to ensure Manulife’s cybersecurity strategies remain robust and aligned with both domestic and international regulatory standards across all operational regions.

• Cyber Risk Reporting & Strategy: Lead the cyber risk reporting function by designing comprehensive metrics, KPIs, and dashboards to ensure effective Line 2 oversight; work with Centers of Excellence to build the reporting. Collaborate with the Information Risk team to update roadmaps, strategies, and processes in alignment with evolving risks and organizational objectives. Present risk data and insights clearly and effectively to senior leadership and stakeholders, ensuring informed decision-making and continuous improvement in our cybersecurity posture. Prepare cybersecurity board materials providing actionable insights on cyber risk and compliance, focusing on data security, operational resilience, and emerging technology risks.

• Strategic Influence & Oversight/Challenge: Collaborate with senior leadership and cross-functional teams to integrate cybersecurity risks into Manulife’s strategic goals. Provide independent challenge to cybersecurity initiatives, advocating for continuous improvement and alignment with regulatory requirements and risk appetite.

Required Qualifications:

• 7-10 years in cybersecurity risk management, with strong Line 2 governance experience in the insurance or financial services sectors.

• Demonstrated ability to provide strategic oversight and independent challenge in cybersecurity risk management, driving initiatives that align with organizational goals. Inspire and mentor team members to achieve high performance and foster a proactive security culture.

• Expertise in cybersecurity regulations, including OSFI, SWIFT, Solvency II, and data privacy laws.

• Strong understanding of the NIST Cybersecurity Framework, ISO27001/27002, PCI DSS 4.0, PIPEDA, AI regulations, and global compliance standards

• Proven experience in risk taxonomy development, risk appetite definition

• Possess a strong understanding of threat intelligence, with expertise in analyzing and applying insights to enhance cybersecurity measures. This position requires candidates to successfully complete a security screening process and obtain the necessary security clearance.

• Previous experience working with government stakeholders, as well as facilitating effective information sharing practices to support national security objectives would be beneficial.

• Demonstrated leadership in strategic oversight, with expertise in preparing board-level materials and developing risk metrics.

• Ability to work cross-functionally, aligning cybersecurity risk management with broader business strategies.

• Ability to analyze complex cybersecurity threats and trends, identifying potential risks and opportunities for improvement. Employ data-driven approaches to enhance risk assessment and reporting processes.

• Excellent verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts and insights to senior leadership, stakeholders, and board members. Skilled in crafting clear and concise reports, presentations, and documentation that facilitate informed decision-making

When you join our team:

• We’ll empower you to learn and grow the career you want.

• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team, we’ll support you in shaping the future you want to see.

À propos de Manuvie et de John Hancock

La Société Financière Manuvie est un chef de file mondial des services financiers qui aide les gens à prendre leurs décisions plus facilement et à vivre mieux. Pour en apprendre plus à notre sujet, rendez vous à l’adresse www.manuvie.com.

Manuvie est un employeur qui souscrit au principe de l’égalité d’accès à l’emploi

Chez Manulife/John Hancock nous valorisons notre diversité. Nous nous efforçons d’attirer, de perfectionner et de maintenir une main d'oeuvre qui est aussi diversifiée que nos clients, et de favoriser la création d’un milieu de travail inclusif qui met à profit la diversité de nos employés et les compétences de chacun. Nous nous engageons à assurer un recrutement, une fidélisation, une promotion et une rémunération équitables, et nous administrons toutes nos pratiques et tous nos programmes sans discrimination en raison de la race, de l’ascendance, du lieu d’origine, de la couleur, de l’origine ethnique, de la citoyenneté, de la religion ou des croyances ou des convictions religieuses, du genre (y compris grossesse et affection liée à une grossesse), de l’orientation sexuelle, des caractéristiques génétiques, du statut d’ancien combattant, de l’identité de genre, de l’expression de genre, de l’âge, de l’état matrimonial, de la situation de famille, d’une invalidité ou de tout autre motif protégé par la loi applicable.

Nous nous sommes donné comme priorité d’éliminer les obstacles à l’accès égalitaire à l’emploi. C’est pourquoi un représentant des Ressources humaines collaborera avec les candidats qui demandent accommodement raisonnable pendant le recrutement. Tous les renseignements communiqués pendant le processus de demande d'accommodement seront stockés et utilisés conformément aux lois et aux politiques applicables de Manuvie. Pour demander une mesure d’accommodement raisonnable dans le cadre du recrutement, écrivez à recruitment@manulife.com.

Région principale

Semaine de travail comprimée

L’échelle salariale devrait se situer entre

Si vous posez votre candidature à ce poste en dehors de la région principale, veuillez écrire à recruitment@manulife.com pour obtenir l’échelle salariale correspondant à votre région. Le salaire varie en fonction des conditions du marché local, de la géographie et de facteurs pertinents liés au poste telles les connaissances, les compétences, les qualifications, l’expérience et l’éducation ou la formation. Les employés ont également la possibilité de participer à des programmes de motivation et de toucher une rémunération incitative liée au rendement de l’entreprise et au rendement individuel.

Manuvie offre aux employés admissibles une vaste gamme d’avantages sociaux personnalisables, notamment une assurance soins médicaux, soins dentaires, santé mentale, soins de la vue, invalidité de courte et de longue durée, assurance vie et assurance DMA, assurance adoption, de maternité de substitution et de soins médicaux non urgents ainsi que des programmes d’aide aux employés et leur famille. Nous proposons également aux employés admissibles différents régimes d’épargne-retraite (y compris des régimes de rente et un programme international d’actionnariat assortie de cotisations patronales de contrepartie) ainsi que des ressources en matière d’éducation et de conseils financiers. Notre généreux programme de congés rémunérés au Canada comprend les jours fériés, les congés annuels, les congés personnels et les congés de maladie, et nous offrons toute la gamme des congés autorisés prévus par la loi. Si vous posez votre candidature à ce poste aux États-Unis, veuillez écrire à recruitment@manulife.com pour obtenir de plus amples renseignements sur les dispositions relatives aux congés rémunérés spécifiques aux États-Unis.