Job Title :
IT Governance and Security Manager
Job ID :
Category :
Information Technology
Location :
Boston, MA US
Job Type :
Full Time
Posted On :
Job Description :

Are you looking for unlimited opportunities to develop and succeed?  With work that challenges and makes a difference and a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.


Reporting to the Director Enterprise IT Governance, the role is responsible for managing all Enterprise IT risk management and information security governance activities across Annuities and Investments including implementation and ongoing execution of information risk management requirements with an emphasis on cyber and information security, audit, compliance, and privacy. The role also includes participating in, meeting and influencing Annuities and Investments security requirements within US & Global Divisions to ensure we meet compliance standards, policies and procedures. The role will also be accountable for working with peers across the department in ongoing execution of the fraud prevention program. The IT Governance and Security Manager will stay abreast of the latest industry security requirements and continuously improve the IT related risk management and security posture.
We are looking for a candidate that has risk, audit and / or security experience and is energetic, innovative as well as detail oriented and who can assess our current IT operational processes and procedures on system risk, system security and cyber security and execute initiatives for constant improvements, scalability and automation.
The IT Governance and Security Manager role will help articulate our risk and security posture with our business partner base. He/she will work closely with the IT value streams, Enterprise Operations and our business partners as well as US & Global Information Risk Management, Privacy, Shared Services and Infrastructure teams along with vendors. The candidate must be a strong people manager and able to work across teams and lead and develop a junior team.
Summary Responsibilities:
The IT Governance and Security Manager has the accountability to:
General Risk Management Ownership & Oversight:
  1. Lead, manage and enforce the Enterprise IT system risk management and information security risk management framework/methodology working across value streams. This includes all information security activities.
  2. Improve and promote the system risk-related and information security related posture.
  3. Stay abreast of the latest industry security requirements and continuously improve the IT related risk management and security posture.
  4. Document and maintain the system risk governance methodology, the system risk management policies and the information security policy and standards.
  5. Organize, conduct and perform system risk and information security risk assessments and gap analysis processes.
  6. Establish, review and verify the system risk and information security risk related policies, standards and procedures documentation.
  7. Promote and influence the business on information security awareness, best practices and meeting requirements.
  8. Participate in vendor oversight activities, covering both critical Enterprise IT vendors and IT support for the oversight and due diligence of critical business partner vendors.
Cyber / Information Security Responsibilities:
  1. Assist in accelerating our cyber / information security profile.
  2. Stay up-to-date on the latest intelligence, including hackers' methodologies, to anticipate security breaches; anticipate new security threats and stay up-to-date with evolving tools, architectures and infrastructures.
  3. Recommend and assist in implementing security measures to protect computer systems, networks and data.
  4. Incident management and response: represent IT in reported incidents; coordinate potential fraud related activities on behalf of IT.
  5. Management and response to engage resources for immediate response and recovery of an application or service.
  6. Manage the IT Risk team on providing data support for data analytics for fraud prevention.
  7. Act as the lead for Enterprise IT, working closely with the Global Analytics team and Operations to ensure we are all in sync, and report back to management.
Audit/SOC-1 controls responsibilities:
  1. Ensure that we adhere to all system SOX and SOC-1 controls to meet audit requirements including system access management, quarterly reviews and new employee hires and moves.
  2. Partner with business, IT leads and vendors to bring IT general controls to the forefront.
  3. Create metric reporting on our application and infrastructure controls environment. 
Qualifications for this role are as follows: 
  • Bachelor's degree or equivalent in Business, Economics, Finance, Law, IT, Marketing, Accounting or equivalent
  • More than five years' experience in the Security, IT risk management and/or IT Audit related activities of the financial industry
  • Accreditation in one or more certifications that cover CISSP, CISA, CISM, CEH and OSCP
  • Confident presentation and facilitation skills and strong interpersonal and leadership skills to facilitate working with senior management at all levels
  • Strong oral, written, communication, interpersonal and leadership skills
  • Good managerial skills relating to employees, planning and policy formulation
  • Excellent organization, planning and time management skills
  • Strong analytical skills and ability to deliver actionable recommendations based on analysis. Ability to translate analyses, using mediums to drive comprehensible recommendations (e.g., dashboards, graphics, summaries, etc.). The ideal candidate will excel in data gathering and analytical/problem-solving skills
  • Managing and resolving conflicting priorities, and negotiating realistic timelines requiring minimum supervision
  • Develop and foster relationships with the divisions and business unit subject matter experts; establish and maintain strong relationships with vendors, third party partners, business units and IT departments across Manulife/John Hancock
  • Ability to adapt quickly and easily to changes within the business
  • Proactively keep abreast of leading changes in their field of expertise and evaluate them for impact on Enterprise IT roadmaps


About John Hancock Financial and Manulife


John Hancock is a division of Manulife Financial Corporation, a leading international financial services group that helps people achieve their dreams and aspirations by putting customers’ needs first and providing the right advice and solutions. We operate primarily as John Hancock in the United States, and Manulife elsewhere. We provide financial advice, insurance and wealth and asset management solutions for individuals, groups and institutions. Assets under management and administration by Manulife and its subsidiaries were over $1 trillion (US$806 billion) as of September 30, 2017. Manulife Financial Corporation trades as MFC on the TSX, NYSE, and PSE, and under 945 on the SEHK. Manulife can be found at
One of the largest life insurers in the United States, John Hancock supports approximately 10 million Americans with a broad range of financial products, including life insurance, annuities, investments, 401(k) plans, and college savings plans. We also offer advice through Signator, a network of independent financial advisors. Additional information about John Hancock may be found at
Agency submissions and contacts are by invitation only and must be initiated by John Hancock's Recruiting Department only.  Unsolicited agency submissions will not be honored.



Any personal information you provide through this site will be privy only to Manulife for the purpose of evaluating your qualifications and experience. At all times, your personal information will be protected by the application of our Privacy Policy.