Manulife Senior Manager, Information Risk Assurance in Boston, Massachusetts
We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.
The Senior Manager, IRM Control Assurance Testing is a broadly scoped and highly leveraged role, requiring an analytical and problem-solving mindset combined with strong communication, collaboration, and time management skills.
Reporting to the Senior Director, IRM Control Assurance Testing, the incumbent will be responsible for executing and providing an objective assessment, on behalf of the 2nd line of defense, of the risk management activities conducted by the 1st line in their duties related to the ownership of respective end-to-end processes, for the purpose of providing management and audit services confidence that risk is properly managed by the business.
Assurance assessment will be conducted using a sample-based approach to test the 1st line control design and operating effectiveness, as well as the soundness of processes and methodologies.
Responsibilities include but are not limited to:
Partnership with other lines of defense to self-identify controls’ improvement areas and corrective action plans
Risk management services, including assessment of information and technology risks, leveraging control frameworks
Assurance of information risk assessment process, controls testing and conclusion validation according to Global IRM (GIRM) L2 assurance guidelines
Help with the evolving assurance processes and procedures standardization and continuous improvement
Introduction of opportunities to continuously improve the iCAT maturity
Supporting iCAT in the planning of assurance based on an assessment of risks and controls
Support building and developing the iCAT automation processes
Perform assurance activities in the areas of business continuity management, incidents, KRIs, KPIs, ODF initiatives and change, third party risk management, IT asset inventory, vulnerability management, network security, application security, cryptographic safeguard, penetration and access, and other information security areas.
Execute assurance projects in full recognition of the risks of the company that encompass the inherent risks, control risks and internal/external environment and regulatory risks. This may encompass individual segment engagements and broader assurance engagements for global level of enterprise level functions/processes.
Ensure that all assurance procedures executed are conducted in accordance with Global IRM Methodologies
Understand Information Technology control environment to conduct the assurance for risk assessments of the effectiveness and efficiency of internal controls and operating practices.
Support multiple simultaneous assurance projects to ensure time and quality objectives are met. Escalate potential budget over-runs and resourcing concerns to the Engagement Lead in a timely manner.
Work with the IROs and their teams to ensure process assurance of the key risks and gaps identified from assurance engagements, and to further track and report on management corrective action plans as required.
Participate in assurance timeline planning and keep pace with both internal drivers (IRM standards and Technology processes) and external drivers (technology, regulations, risks, and control standards).
Stay abreast of evolving information and technology risks, new regulations, laws and requirements for technology, information security, cybersecurity, and privacy across the company jurisdictions.
Help to provide “big picture” insights based upon knowledge and research enhancing GIRM Assurance COE’s value proposition with senior leadership and business groups which include Global and Divisional Information Services teams, Global Privacy and Compliance, Operational Risk Management and Audit Services executives and others within other second and third line of defense teams (Audit Services, Operational Risk, Compliance, Investigative Services, Enterprise Risk, etc.).
Job Requirements (Experience/Knowledge/Skills):
Minimum 5 years of progressive experience in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes, and deliverables within a large enterprise
University degree (Computer Science or related discipline preferred)
Understanding or working knowledge of cybersecurity concepts, such as Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Cyber Security etc.
Understanding or working knowledge of Network and Network Security concepts and tools, such as Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing, red teaming etc.
Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools, e.g., Qualys, Splunk, Netskope, Zscaler etc.
Working knowledge of other technology infrastructure concepts, processes, and associated risks, such as Active Directory, Operating System, On-premises Data Center etc.
Previous risk advisory consulting experience is preferred
Sound knowledge of best practices of various aspects of information risk management
Experience in any of the lines of defense
Experience analyzing complex data sets
Prior experience assessing or auditing various software development environments, including Agile.
Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations.
In depth knowledge of system development methodologies, cyber and network security processes, and regulatory requirements.
Results oriented with a keen focus on quality and delivering value; ability to balance multiple priorities and projects; strong attention to detail while retaining focus on the “big picture” and top risks; flexible and organized with the ability to oversee multiple projects concurrently
Strong communication, consulting, and report writing skills
Problem solving, analytical, innovative, and strategic thinker
Strong stakeholder alignment skills
Strong presentation and facilitation skills to all levels and audiences
Ability to develop and maintain strong relationships
Strong team player (collaborative)
Strong time management and organizational skills to manage multiple tasks and changing priorities
Strong competencies in collaboration and problem solving
Knowledge of the regulatory environments in the U.S. and Canada
Knowledge of IT Assurance, IT audit, information security, risk management and/or compliance
Recognized professional designations in Information Security, Audit and Business Continuity (e.g., CISSP, CISA, CISM, CEH, CRISC, FAIR, MBCP)
Excellent influencing and negotiation skills; professional presence, ability to navigate a matrix environment and influence across different areas and levels of management in IRM, Audit Services and Technology
Demonstrated ability to work effectively in diverse environments and cultures, over multiple office locations
Ability to identify opportunities to utilize data analytics for enhanced depth and breadth of assurance coverage
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US$0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges, and under ‘945’ in Hong Kong.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact .
Salary & Benefits
The annual base salary for this role is listed below.
Salary range is expected to be between $89,950.00 CAD - $167,050.00 CAD
If you are applying for this role outside of the primary location, please contact for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.
Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact for more information about U.S.-specific paid time off provisions.