- Lead in-depth analysis of various architectural solutions and areas with high inherent risk, and evaluate the effectiveness of deployed security controls and risk management responses.
- Support the Canadian Division and Manulife enterprise-wide IT Risk management program across all domains.
- Understand how the organization’s risk appetite and risk culture should be considered in day-to-day activities and decisions.
- Support regulatory requests and submissions for IT Risk related information.
- Maintain relationships with key stakeholders across the organization and applicable support areas to remain current on new developments and emerging IT Risks.
- Provide guidance on the enhancement of the IT Risk program by analyzing industry technology trends to incorporate proven industry good practices and supporting technologies into practical use.
- Lead and drive a customer-focused culture throughout the team to deepen client relationships and leverage broader Manulife relationships, systems and knowledge.
- University Degree in Engineering, Computer Science or related fields.
- Must have 5+ years of experience with IT Operations, IT System Development Life Cycle (SDLC), IT Risk Management, IT Governance and/or IT Audit. Information/Cybersecurity risk.
- Experience using ISO 27001, COBIT, NIST, ITIL and other IT Security, Risk and Operation specific industry frameworks.
- Experience with risk and security considerations associated with Open Source, Agile and Dev/Ops methodologies and practices. Experience across many IT Development and Operations areas (Secure Software Development practices, Change Management, Incident, Problem Management, etc.) in a large organization.
- Experience across all SDLC areas (Security Requirements, Security Design, Development, Release, etc.) in a large organization.
- Must possess excellent interpersonal and relationship-building skills to deal with senior levels of management.
- Professional certifications and membership of associations such as CISA, CISSP, CISM, GIAC Certifications, etc. are an asset.
- Must have strong strategic and critical thinking to influence and execute Information Risk Management program objectives.
- Experience using GRC risk management tools.
- The role and context for these responsibilities is complex and dynamic in terms of program and process management within a global enterprise, changing business risk and technology dependency. Specifically, the context includes:
- The increasing inter-dependency of business functions and dependency on technology infrastructure.
- The incumbent will be required to continuously ensure that the needs of a global, complex organization are met and that the key stakeholders continue to be supportive of and committed to the Information Risk Management governance program and strategies.
The incumbent will be part of the dynamic Canadian Division Information Risk Management Team while interacting and collaborating with the Global Information Risk Management Team as well as with the other Divisional Information Risk Management Teams.
We provide opportunities for personal growth and learning, work-life balance (WorkSmart) working arrangements (including “Work from Home”) and a comprehensive benefits package.