The Opportunity
As the Manager, Risk Management, you will be part of the Vendor Information Risk Management team and conduct assessments on information security controls. In this role, you will measure the effectiveness of the security controls, identify control gaps, and provide business advice and guidance on the various IT risks and/or contract gaps associated with the supplier.
This is an individual contributor position based out of the Toronto or Waterloo office with a hybrid work arrangement (3 days in office).
Responsibilities
- Conduct information security risk assessments for new and existing vendors. Reviews include IT controls, Business Continuity/Disaster Recovery controls, and subcontractor reviews.
- Conduct On-Site Visits with the supplier – virtually.
- Review/recommend IT contract clauses.
- Assist in the development, maintenance, and implementation of information risk policies and procedures as well as the monitoring processes and measures to enforce those policies.
- Independently research and investigate new issues and innovations to keep technical expertise current.
How will you create impact?
By demonstrating strong risk governance and oversight through the appropriate design, implementation, and/or execution of the Enterprise Risk Management framework for the business on a global basis. The individual will work to ensure a consistent and integrated approach is applied to risk reporting while ensuring the risks of the major business segments are well covered.
What motivates you?
- You obsess about customers, listen, engage, and act for their benefit.
- You do what is right, work with integrity and speak up.
- You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.
- You thrive in teams and enjoy getting things done together.
- You take ownership and build solutions, focusing on what matters.
- You share your humanity, helping us build a diverse and inclusive work environment for everyone.
What we are looking for
- 3-5 years of Third-Party Risk Assessment work experience.
- 2-3 years IT auditing or equivalent experience.
- CISA, CISSP certifications are preferred.
- CRISC is preferred.
- Critical thinking and excellent organization and planning abilities.
- Ability to balance competing demands with little management direction/support.
- Excellent communication, presentation, negotiation, and influencing skills.
- A passion for risk and a positive attitude.
What can we offer you?
- A competitive salary and benefits package.
- A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.
- A focus on growing your career path with us.
- Flexible work policies and strong work-life balance.
- Professional development and leadership opportunities.
Our commitment to you
- Values-first culture: We lead with our Values every day and bring them to life together.
- Boundless opportunity: We create opportunities to learn and grow at every stage of your career.
- Continuous innovation: We invite you to help redefine the future of financial services.
- Delivering the promise of Diversity, Equity, and Inclusion: We foster an inclusive workplace where everyone thrives.
- Championing Corporate Citizenship: We build a business that benefits all stakeholders and has a positive social and environmental impact.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit our story.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals.