Senior IT Risk Management Auditor

We are seeking an experienced and dynamic Senior IT Risk Management Auditor to join our team. This role is critical in ensuring robust risk governance and oversight through the design, implementation, and execution of our Global Information Risk Management framework across the Canadian Segment. The successful candidate will deliver a consistent and coordinated approach to risk reporting, ensuring comprehensive coverage of risks across major business segments.

Position Responsibilities:

• Lead the development and global execution of the Global Information Risk Management framework, ensuring comprehensive coverage and integration of risk reporting across the Canadian Segment.
• Build and maintain strong relationships with senior management to effectively communicate and manage risk, aligning with business objectives.
• Responsible for leading all aspects of IT audit activities, including RCSA, SOC 1, SOC 2, and SOX audits, to ensure alignment with industry standards.
• Plan, conduct, and manage cybersecurity and technology controls testing, as well as compliance assessments for IT systems and processes, to evaluate design and operating effectiveness.
• Develop and maintain detailed test procedures and plans for IT Security Controls, ensuring they align with key objectives, industry standards, and regulatory requirements.
• Evaluate the organization’s compliance with preferred cybersecurity frameworks, identifying areas for improvement and ensuring alignment to standard processes.
• Perform control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps.
• Analyze test results, identify security control deficiencies, and recommend effective solutions to resolve identified issues.
• Collaborate with operations and IT teams to ensure all IT security controls are thoroughly tested and implemented.
• Track security issues and risks, preparing comprehensive reports that outline findings, recommendations, and actionable insights for senior management and customers.
• Collaborate with various teams such as IT, legal, and compliance, as well as external entities to address findings and implement corrective actions.
• Develop innovative approaches and solutions, using data analytics, Agile methodology, and automation to enhance the overall effectiveness and value of the controls testing team.
• Ensure compliance with applicable security policies and standards, maintaining a strong risk posture.
• Keep abreast of the latest information Risk audit practice, testing techniques, and contribute to the continuous improvement of the Canadian Segment’s risk posture.

Required Qualifications:

• Minimum of 8 years of demonstrable experience in IT risk management, auditing, or equivalent fields.
• Bachelor's degree or equivalent experience in a relevant field such as Information Systems, Business, or a related field is preferred.
• Certified Information Systems Auditor (CISA) or an equivalent designation is preferred.
• Strong organizational and planning skills with a keen attention to detail.
• In-depth understanding of controls, audit processes, and risk management principles.
• Outstanding ability to clearly articulate to and collaborate with all management levels.
• Demonstrated ability to handle complex issues and provide business-specific context to key Integrated Risk Management (IRM) principles.
• Strong analytical skills, with an ability to identify overarching patterns and dependencies.
• Experience managing high-visibility and high-risk situations effectively.
• Superb communication, presentation, negotiation, and influencing skills.

Preferred Qualifications:

• Certified Information Systems Auditor (CISA) or an equivalent designation is preferred.
• Stakeholder Management

When you join our team:

We’ll empower you to learn and grow the career you want.

We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

As part of our distributed team, we’ll support you in shaping the future you want to see.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com .

Referenced Salary Location

Working Arrangement

We are seeking an experienced and dynamic Senior IT Risk Management Auditor to join our team. This role is critical in ensuring robust risk governance and oversight through the design, implementation, and execution of our Global Information Risk Management framework across the Canadian Segment. The successful candidate will deliver a consistent and coordinated approach to risk reporting, ensuring comprehensive coverage of risks across major business segments.

Position Responsibilities:

• Lead the development and global execution of the Global Information Risk Management framework, ensuring comprehensive coverage and integration of risk reporting across the Canadian Segment.
• Build and maintain strong relationships with senior management to effectively communicate and manage risk, aligning with business objectives.
• Responsible for leading all aspects of IT audit activities, including RCSA, SOC 1, SOC 2, and SOX audits, to ensure alignment with industry standards.
• Plan, conduct, and manage cybersecurity and technology controls testing, as well as compliance assessments for IT systems and processes, to evaluate design and operating effectiveness.
• Develop and maintain detailed test procedures and plans for IT Security Controls, ensuring they align with key objectives, industry standards, and regulatory requirements.
• Evaluate the organization’s compliance with preferred cybersecurity frameworks, identifying areas for improvement and ensuring alignment to standard processes.
• Perform control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps.
• Analyze test results, identify security control deficiencies, and recommend effective solutions to resolve identified issues.
• Collaborate with operations and IT teams to ensure all IT security controls are thoroughly tested and implemented.
• Track security issues and risks, preparing comprehensive reports that outline findings, recommendations, and actionable insights for senior management and customers.
• Collaborate with various teams such as IT, legal, and compliance, as well as external entities to address findings and implement corrective actions.
• Develop innovative approaches and solutions, using data analytics, Agile methodology, and automation to enhance the overall effectiveness and value of the controls testing team.
• Ensure compliance with applicable security policies and standards, maintaining a strong risk posture.
• Keep abreast of the latest information Risk audit practice, testing techniques, and contribute to the continuous improvement of the Canadian Segment’s risk posture.

Required Qualifications:

• Minimum of 8 years of demonstrable experience in IT risk management, auditing, or equivalent fields.
• Bachelor's degree or equivalent experience in a relevant field such as Information Systems, Business, or a related field is preferred.
• Certified Information Systems Auditor (CISA) or an equivalent designation is preferred.
• Strong organizational and planning skills with a keen attention to detail.
• In-depth understanding of controls, audit processes, and risk management principles.
• Outstanding ability to clearly articulate to and collaborate with all management levels.
• Demonstrated ability to handle complex issues and provide business-specific context to key Integrated Risk Management (IRM) principles.
• Strong analytical skills, with an ability to identify overarching patterns and dependencies.
• Experience managing high-visibility and high-risk situations effectively.
• Superb communication, presentation, negotiation, and influencing skills.

Preferred Qualifications:

• Certified Information Systems Auditor (CISA) or an equivalent designation is preferred.
• Stakeholder Management

When you join our team:

• We’ll empower you to learn and grow the career you want.

• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our distributed team, we’ll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html .

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com .

Referenced Salary Location

Working Arrangement

Salary range is expected to be between

If you are applying for this role outside of the primary location, please contact recruitment@manulife.com for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact recruitment@manulife.com for more information about U.S.-specific paid time off provisions.

Manulife Financial Corporation is a Canadian multinational insurance company and financial services provider headquartered in Toronto, Ontario, Canada.

Talentify is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Talentify provides reasonable accommodations to qualified applicants with disabilities, including disabled veterans. Request assistance at accessibility@talentify.io or 407-000-0000.

Federal law requires every new hire to complete Form I-9 and present proof of identity and U.S. work eligibility.

An Automated Employment Decision Tool (AEDT) will score your job-related skills and responses. Bias-audit & data-use details: www.talentify.io/bias-audit-report . NYC applicants may request an alternative process or accommodation at aedt@talentify.io or 407-000-0000.