The Director, IRM Methodology & Insights will be part of the Information Risk Management Team and will be responsible for supporting the development and implementation of global IRM program elements and the Governance, Risk and Control Compliance (GRC) improvement strategy.
You will be an integral part of a dynamic IRM community, collaborating with over 150 information risk professionals and hundreds of other information security and business continuity professionals across all our locations. As a member of our team, you will have the opportunity to contribute to a world-class company known for its commitment to diversity, competitive benefits, community involvement, and work-life balance.
This position supports the design and implementation of enhancements to Manulife’s Global Information Risk Management programs and its underlying components. This includes supporting the development of enterprise-wide processes and guidelines covering information risk and control identification, assessment, treatment, measurement, monitoring and reporting, and for activities that drive risk and control improvements within the Technology operation processes. The position requires subject matter expertise in Operational and Information risk and control management and proven communication and influencing skills. This position works across multiple businesses, functions, and geographies to promote awareness and execution of the IRM requirements. The incumbent will report to the AVP, IRM Methodology & Insights within the 2nd Line of Defense risk organization.
Key responsibilities include, but are not limited to:
- Support initiatives to enhance the Company’s Information risk management methodologies, including Control Assurance, Information Risk Assessments, etc.
- Collaborate with IRM colleagues and partners to develop and execute on all required functional roadmaps and priorities.
- Support the evolution of the various Information Risk assessment programs (Control assurance testing, change risk assessments, etc.) and ensure alignment with the organization’s operational risk outcomes that support OSFI’s Guidelines.
- Support change management and communications for the program’s initiatives.
- Support ongoing activities to drive control awareness and control improvements for the organization’s high risk technology business processes.
- Support the risk program frameworks and their alignment with the GRC tool (Archer) workflows.
- Support the development of metrics that monitor key control activity performance.
- Ensure continuous and effective line of communication across appropriate Lines of Defense teams.
- Identify opportunities for creating efficiencies within the IRM program’s framework and processes.
- Assist with ad-hoc and monthly risk reporting, memos, and presentations.
- Promote a strong risk culture, and influence and gain support from the senior leadership team and segments to support the implementation of the roadmaps and methodologies.
- Train business unit and functional resources to implement the programs within their areas.
- Support ad hoc requests as assigned.
- Stay abreast of evolving Information and technology risks, new regulations, laws and requirements related to Information security, Cyber security, third party, etc.
QUALIFICATIONS
- University degree (Computer Science or related discipline preferred)
- Recognized professional designations in Information Security, Audit and Business Continuity (e.g. CISSP, CISA, CRISC, FAIR, MBCP)
- A background in risk management with a minimum three to five years of progressive work experience in the financial services industry.
- Good knowledge and experience with GRC tools (preferably Archer) and related applications.
- Strong communication skills and ability to explain highly technical information for non-technologists including executives.
- Strong competencies in collaboration, problem solving and influencing key risk decisions.
- Knowledge of the regulatory environments in the U.S. and Canada
- Strong writing, communication and presentation skills.
- Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy.
- Excellent collaborative and relationship building skills; showing tact and diplomacy in dealing with others.
- Ability to learn quickly and be comfortable with adjusting to ad-hoc changes.
- Previous audit or 2nd line oversight and assurance experience.
- Previous risk advisory consulting experience is preferred.
- Strong understanding of related best practices and relevant industry frameworks.