Information Assurance Manager

The OpportunityThe Manager, IRM Control Assurance Testing is a broadly-scoped and highly-leveraged role, requiring analytical and problem-solving mindset combined with strong communication, collaboration, and time management skills.Reporting to the Director, IRM Control Assurance Testing, the incumbent will be responsible for executing and providing an objective assessment, on behalf of the 2nd line of defense, of the risk management activities conducted by the 1st line in their duties related to the ownership of respective end to end processes, for the purpose of providing management and audit services confidence that risk is properly managed by the business.Assurance assessment will be conducted using a sample-based approach to test the 1st line control design and operating effectiveness, as well as the soundness of processes and methodologies.Responsibilities include but are not limited to:Partnership with other lines of defense to self-identify controls' improvement areas and corrective action plansRisk management services including assessment of information and technology risks, leveraging control frameworksAssurance of information risk assessment process, controls testing and conclusion validation according to Global IRM (GIRM) L2 assurance guidelinesHelp with the evolving assurance processes and procedures standardization and continuous improvementIntroduction of opportunities to continuously improve the iCAT maturitySupporting iCAT in the planning of assurance based on an assessment of risks and controlsSupport building and developing the iCAT automation processesRequirements:Minimum 5 years of progressive experience in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes, and deliverables within a large enterpriseUniversity degree (Computer Science or related discipline preferred)Understanding or working knowledge of cybersecurity concepts, such as, Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Cyber Security etc.Understanding or working knowledge of Network and Network Security concepts and tools, such as, Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing, red teaming etc.Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools e.g., Qualys, Splunk, Netskope, Zscaler etc.Working knowledge of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, Operating System, On-premises Data Center etc.Previous risk advisory consulting experience is preferredSound knowledge of best practices of various aspects of information risk managementAny of lines of defense experienceExperience analyzing complex data sets - Prior experience assessing or auditing various software development environments, including Agile.Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations.In-depth knowledge of system development methodologies, cyber and network security processes, and regulatory requirements.Competencies:Results oriented with a keen focus on quality and delivering value; ability to balance multiple priorities and projects; strong attention to detail while retaining focus on the 'big picture' and top risks; flexible and organized with the ability to oversee multiple projects concurrentlyStrong communication, consulting, and report writing skillsProblem solving, analytical, innovative, and strategic thinkerStrong stakeholder's alignment skillsStrong presentation and facilitation skills to all levels and audiencesAbility to develop and maintain strong relationshipsStrong team player (collaborative)Strong time management and organizational skills to manage multiple tasks and changing prioritiesStrong competencies in collaboration and problem solvingKnowledge of the regulatory environments in the U.S. and CanadaKnowledge of IT Assurance, IT audit, information security, risk management and/or complianceRecognized professional designations in Information Security, Audit and Business Continuity (e.g., CISSP, CISA, CISM, CEH, CRISC, FAIR, MBCP)Excellent influencing, and negotiation skills; professional presence, ability to navigate a matrix environment and influence across different areas and levels of management in IRM, Audit Services and TechnologyDemonstrated ability to work effectively in diverse environments and cultures, over multiple office locationsAbility to identify opportunities to utilize data analytics for enhanced depth and breadth of assurance coverageWhat motivates you?You obsess about customers, listen, engage and act for their benefit.You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.You thrive in teams and enjoy getting things done together.You take ownership and build solutions, focusing on what matters.You do what is right, work with integrity and speak up.You share your humanity, helping us build a diverse and inclusive work environment for everyone.What can we offer you?A competitive salary and benefits packages.A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.A focus on growing your career path with us.Flexible work policies and strong work-life balance.Professional development and leadership opportunities.Our commitment to youValues-first cultureWe lead with our Values every day and bring them to life together.Boundless opportunityWe create opportunities to learn and grow at every stage of your career.Continuous innovationWe invite you to help redefine the future of financial services.Delivering the promise of Diversity, Equity and InclusionWe foster an inclusive workplace where everyone thrives.Championing Corporate CitizenshipWe build a business that benefits all stakeholders and has a positive social and environmental impact.About Manulife and John HancockManulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit our story.Manulife is an Equal Opportunity EmployerAt Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected] LocationToronto, OntarioWorking ArrangementHybridSalary range is expected to be between$92,190.00 CAD - $171,210.00 CADIf you are applying for this role outside of the primary location, please contact [email protected] for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact [email protected] for more information about U.S.-specific paid time off provisions. #J-18808-Ljbffr