As an Information Risk Management Senior Consultant, you will be part of the Group Functions (GF) Information Technology First Line of Defense and is responsible for performing risk-based information security assessments for new technologies and maintaining governance frameworks including generative AI technologies, ensuring compliance with information security standards, and managing risks associated with cloud-based, on premises and AI-driven platform and services.

You are expected to have deep understanding of cybersecurity risks, technologies, governance practices and effectively communicate them to business units. Serves as a trusted partner for business units, fosters strong relationships, and instills cybersecurity policies and practices throughout business units.

This is an Individual contributor position supporting a designated business unit, based in Toronto or Waterloo, ON office with a hybrid work arrangement (3 days in office – Tuesday, Wednesday & Thursday preferably).

Position Responsibilities:

• Acts as a liaison and trusted partner for all information security activities in the business unit, ensuring balance between the needs of the business/IT and leading security practices.

• Supports security and risk initiatives to instill cybersecurity policies and practices throughout business units.

• Collaborate with cross functional teams to ensure cybersecurity and IT controls are embedded in all new initiatives and communicates the impact to relevant stakeholders.

• Participates in key initiatives and projects to ensure that cybersecurity and IT controls are accounted for early within the project and software development lifecycles for respective business unis.

• Performs comprehensive information risk assessments of On-Prem, IAAS, PAAS, SAAS and generative AI projects, identifying and mitigating risks associated with the solutions.

• Ensure compliance with the global Information Risk Assessment methodology, policies, and standards.

• Maintains up-to-date knowledge related to cybersecurity threats, vulnerabilities and mitigations set forth to reduce the attack surface; circulate this knowledge through the business units.

• Develops and implements risk management strategies across business unit.

• Provides security consulting services to the Business and IT partners.

• Tracks and manages identified information risk issues and associated corrective action plans (CAPs), ensuring timely resolution and closure in alignment with governance requirements.

• Support operational security activities including segment specific security processes (e.g., incident response, vulnerability management, Firewall reviews).

• Respond to audits, regulatory reviews, risk and controls self-assessments.

• Provides training and advise key stakeholders on requirements, processes, standards, and best practices around information security and risk management.

• Familiarity with laws and standards frameworks (e.g., NIST, ISO27001, GDPR, Sarbanes-Oxley, EU AI Act).

Required Qualifications:

• Minimum 5 years of experience in Information Risk management: vendor risk management, project risk management, IT audit or IT controls assessment.

• Bachelor's degree or equivalent

• Relevant professional designations (e.g., CISSP, CRISC, CISM, CISA) are a plus.

• Proven ability to quickly and easily adapt to changes within the business and organization

• Ability to build and maintain strong relationships across teams and stakeholders

• Ability to work in a fast-paced environment.

• Ability to balance competing demands with minimal management direction/support.

• Effective communication, presentation, negotiation and influencing skills

• Strong presentation and facilitation skills for diverse audiences.

• Should have excellent time management and organizational skills to handle multiple tasks and changing priorities.

When you join our team

• We’ll empower you to learn and grow the career you want.

• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team, we’ll support you in shaping the future you want to see

The role being advertised is an existing vacancy.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.

Referenced Salary Location

Salary range is expected to be between

Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. If you are applying for this role outside of the primary location, please contact hr@manulife.com for the salary range for your location.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact hr@manulife.com for more information about U.S.-specific paid time off provisions.

We use data and analytics technologies, such as artificial intelligence (AI), and automated processing tools, to analyze and process the information you provide to us or third parties in the application process. For more information, please refer to our personal information collection statement.