Senior Consultant, Information Risk

at  Manulife

We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.

JOB REQUIREMENTS (EXPERIENCE/KNOWLEDGE/SKILLS):

• Degree holder of Computer Science, Information Technology, Software Engineering, Business Administration, or relevant educational and professional experience.
• Relevant professional designations (e.g. CISSP, CRISC, CISM, CISA, CCSP, GSEC).
• 5+ years of experience in a combination of relevant technical disciplines in the field of Information Security: network security, application security, identity and access management, IT operations security, vulnerability management, information protection, physical security, cybersecurity.
• 5+ years of IT/Information Risk management experience: vendor risk management, project risk management, IT audit or IT controls assessment.
• Deep knowledge of cloud computing security and IaaS, PaaS or SaaS environments.
• Knowledge of security frameworks (e.g. ISO 27001, COBIT), regulatory requirements and standards (e.g. NIST, GDPR, Sarbanes-Oxley).
• Good communication, presentation, and facilitation skills to all levels and audiences.
• Influence behavior to reduce risks and foster a strong information security risk management culture.
• Problem solving, analytical, and innovative attitude.
• Good great teammate (collaborative).
• Strong time management and organizational skills to manage multiple tasks and changing priorities.
• Knowledge and understanding of the financial industry is preferred.

KEY RESPONSIBILITIES:

• Responsible for the execution of information risk assessment processes in compliance with global Information Risk Assessment methodology.
• Ensure the appropriate steps are taken to ensure the Information Risk Assessment process is followed in integration with other related processes: architecture review, project risk management framework, etc.
• Manage the priorities between the tasks assigned with input from the risk owners.
• Attend project meetings, provide timely updates, advise on risks and impact around the changes.
• Ensure each information risk assessment completed is peer-reviewed & communicated to larger distribution to various collaborators.
• Deliver training to key collaborators around the information risk assessment processes.
• Respond to audits, regulatory reviews, risk and controls self-assessments.

This role is part the Information Risk team, who is the information security control team under Global Wealth Asset Management (GWAM) Information Technology First Line of Defense. The team performs risk-based information security assessments for new technologies and changes to existing IT-based solutions, accountable to identify threats for both the cloud-based and on premises-based infrastructure, platform, and services.:

• Perform GWAM project and technology information risk assessments including assessing risks and define controls as well as tracking the implementation of controls.
• Design, document and/or implement BAU security controls applicable to the cloud-based infrastructure, platform, and services.
• Evaluate products for implementing security controls in the cloud or on-premises spaces