Information Assurance Manager

The Opportunity

The Manager, IRM Control Assurance Testing is a broadly-scoped and highly-leveraged role, requiring analytical and problem-solving mindset combined with strong communication, collaboration, and time management skills.

Reporting to the Director, IRM Control Assurance Testing, the incumbent will be responsible for executing and providing an objective assessment, on behalf of the 2nd line of defense, of the risk management activities conducted by the 1st line in their duties related to the ownership of respective end to end processes, for the purpose of providing management and audit services confidence that risk is properly managed by the business.

Assurance assessment will be conducted using a sample-based approach to test the 1st line control design and operating effectiveness, as well as the soundness of processes and methodologies.

Responsibilities include but are not limited to:

• Partnership with other lines of defense to self-identify controls’ improvement areas and corrective action plans

• Risk management services including assessment of information and technology risks, leveraging control frameworks

• Assurance of information risk assessment process, controls testing and conclusion validation according to Global IRM (GIRM) L2 assurance guidelines

• Help with the evolving assurance processes and procedures standardization and continuous improvement

• Introduction of opportunities to continuously improve the iCAT maturity

• Supporting iCAT in the planning of assurance based on an assessment of risks and controls

• Support building and developing the iCAT automation processes

Requirements:

• Minimum 5 years of progressive experience in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes, and deliverables within a large enterprise

• University degree (Computer Science or related discipline preferred)

• Understanding or working knowledge of cybersecurity concepts, such as, Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Cyber Security etc.

• Understanding or working knowledge of Network and Network Security concepts and tools, such as, Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing, red teaming etc.

• Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools e.g., Qualys, Splunk, Netskope, Zscaler etc.

• Working knowledge of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, Operating System, On-premises Data Center etc.

• Previous risk advisory consulting experience is preferred

• Sound knowledge of best practices of various aspects of information risk management

• Any of lines of defense experience

• Experience analyzing complex data sets - Prior experience assessing or auditing various software development environments, including Agile.

• Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations.

• In-depth knowledge of system development methodologies, cyber and network security processes, and regulatory requirements.

Competencies:

• Results oriented with a keen focus on quality and delivering value; ability to balance multiple priorities and projects; strong attention to detail while retaining focus on the “big picture” and top risks; flexible and organized with the ability to oversee multiple projects concurrently

• Strong communication, consulting, and report writing skills

• Problem solving, analytical, innovative, and strategic thinker

• Strong stakeholder’s alignment skills

• Strong presentation and facilitation skills to all levels and audiences

• Ability to develop and maintain strong relationships

• Strong team player (collaborative)

• Strong time management and organizational skills to manage multiple tasks and changing priorities

• Strong competencies in collaboration and problem solving

• Knowledge of the regulatory environments in the U.S. and Canada

• Knowledge of IT Assurance, IT audit, information security, risk management and/or compliance

• Recognized professional designations in Information Security, Audit and Business Continuity (e.g., CISSP, CISA, CISM, CEH, CRISC, FAIR, MBCP)

• Excellent influencing, and negotiation skills; professional presence, ability to navigate a matrix environment and influence across different areas and levels of management in IRM, Audit Services and Technology

• Demonstrated ability to work effectively in diverse environments and cultures, over multiple office locations

• Ability to identify opportunities to utilize data analytics for enhanced depth and breadth of assurance coverage

What motivates you?

• You obsess about customers, listen, engage and act for their benefit.

• You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.

• You thrive in teams and enjoy getting things done together.

• You take ownership and build solutions, focusing on what matters.

• You do what is right, work with integrity and speak up.

• You share your humanity, helping us build a diverse and inclusive work environment for everyone.

What can we offer you?

• A competitive salary and benefits packages.

• A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.

• A focus on growing your career path with us.

• Flexible work policies and strong work-life balance.

• Professional development and leadership opportunities.

Our commitment to you

• Values-first culture
  We lead with our Values every day and bring them to life together.

• Boundless opportunity
  We create opportunities to learn and grow at every stage of your career.

• Continuous innovation
  We invite you to help redefine the future of financial services.

• Delivering the promise of Diversity, Equity and Inclusion
  We foster an inclusive workplace where everyone thrives.

• Championing Corporate Citizenship
  We build a business that benefits all stakeholders and has a positive social and environmental impact.

#LI-hybrid

À propos de Manuvie et de John Hancock

La Société Financière Manuvie est un chef de file mondial des services financiers qui aide les gens à prendre leurs décisions plus facilement et à vivre mieux. Pour en apprendre plus à notre sujet, rendez vous à l’adresse www.manuvie.com.

Manuvie est un employeur qui souscrit au principe de l’égalité d’accès à l’emploi

À Manuvie/John Hancock, nous embrassons notre diversité. Nous nous efforçons d’attirer, de perfectionner et de maintenir un effectif qui est aussi varié que nos clients, et de favoriser la création d’un milieu de travail inclusif qui met à profit la diversité de nos employés et les compétences de chacun. Nous nous engageons à assurer un recrutement, une fidélisation, une promotion et une rémunération équitables, et nous administrons toutes nos pratiques et tous nos programmes sans discrimination en raison de la race, de l’ascendance, du lieu d’origine, de la couleur, de l’origine ethnique, de la citoyenneté, de la religion ou des croyances ou des convictions religieuses, du genre (y compris grossesse et affection liée à une grossesse), de l’orientation sexuelle, des caractéristiques génétiques, du statut d’ancien combattant, de l’identité de genre, de l’expression de genre, de l’âge, de l’état matrimonial, de la situation de famille, d’une invalidité ou de tout autre motif protégé par la loi applicable.

Nous nous sommes donné comme priorité d’éliminer les obstacles à l’accès égalitaire à l’emploi. C’est pourquoi un représentant des Ressources humaines collaborera avec les candidats qui demandent une mesure d’adaptation raisonnable pendant le recrutement. Tous les renseignements communiqués pendant le processus de demande de mesures d’aménagement seront stockés et utilisés conformément aux lois et aux politiques applicables de Manuvie/John Hancock. Pour demander une mesure d’aménagement raisonnable dans le cadre du recrutement, écrivez à recruitment@manulife.com.

Région principale

Semaine de travail comprimée

L’échelle salariale devrait se situer entre

Si vous posez votre candidature à ce poste en dehors de la région principale, veuillez écrire à recruitment@manulife.com pour obtenir l’échelle salariale correspondant à votre région. Le salaire varie en fonction des conditions du marché local, de la géographie et de facteurs pertinents liés au poste telles les connaissances, les compétences, les qualifications, l’expérience et l’éducation ou la formation. Les employés ont également la possibilité de participer à des programmes de motivation et de toucher une rémunération incitative liée au rendement de l’entreprise et au rendement individuel.

Manuvie offre aux employés admissibles une vaste gamme d’avantages sociaux personnalisables, notamment une assurance soins médicaux, soins dentaires, santé mentale, soins de la vue, invalidité de courte et de longue durée, assurance vie et assurance DMA, assurance adoption, de maternité de substitution et de soins médicaux non urgents ainsi que des programmes d’aide aux employés et leur famille. Nous proposons également aux employés admissibles différents régimes d’épargne-retraite (y compris des régimes de rente et un programme international d’actionnariat assortie de cotisations patronales de contrepartie) ainsi que des ressources en matière d’éducation et de conseils financiers. Notre généreux programme de congés rémunérés au Canada comprend les jours fériés, les congés annuels, les congés personnels et les congés de maladie, et nous offrons toute la gamme des congés autorisés prévus par la loi. Si vous posez votre candidature à ce poste aux États-Unis, veuillez écrire à recruitment@manulife.com pour obtenir de plus amples renseignements sur les dispositions relatives aux congés rémunérés spécifiques aux États-Unis.