Senior Manager, Technology and Cybersecurity Audit & Advisory Services

at  Manulife

At Manulife, our Audit and Advisory Services function is dedicated to adding significant value for our customers. By collaborating with management at all levels, we enhance the management of controllable risks, ensuring a robust and resilient organization.
Our team provides essential services to senior management and the Board of Directors, delivering insightful reports that empower them to effectively oversee and manage risk. This proactive approach not only supports their supervisory responsibilities but also strengthens our commitment to excellence and accountability.

JOB SUMMARY:

In this role you will primarily work with our segment and business line Chief Information Officers, and global functional partners leading our data, cybersecurity, engineering, infrastructure, information and operational risk management, and program delivery practices. We leverage analytics and use Microsoft Azure Data Services with tools such as Power BI and Co-Pilot to automate our testing in line with Manulife’s ambition is to be the most digital, customer-centric company in our industry.
Through our engagements, you will learn about each of our business markets including the external and internal demands of technology, digital processing, growing regulatory requirements around cybersecurity, and opportunities to explore new technologies, platforms, and leading global technology partners as they are deployed.
Join us and make a significant impact on our commitment to excellence and innovation in risk management.

QUALIFICATIONS:

• University degree in information systems, or other relevant degree or equivalent experience, plus a risk/security (e.g., CISA, CISSP) or other cloud/networking (e.g., AZ-xxx, CCxx) certification or equivalent experience, with 6-8 years of relevant experience.
• Working knowledge of system development methodologies, cyber and network security processes, and related regulatory requirements.
• Working knowledge of cybersecurity concepts, such as, Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.)
• Working knowledge of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, DevSecOps, Virtualization, etc.
• Working knowledge or prior experience with information systems and operations used in the insurance industry and financial services industry will be beneficial.

• Lead a team of auditors to cover key internal technology risks and produce meaningful audit reports that clearly articulate the position on risks and related issues.
• Lead or support multiple simultaneous audit projects to ensure time and quality objectives are met. Timely address and/or report potential budget overruns and resourcing concerns.
• Assess and evaluate the effectiveness and efficiency of internal controls and operating practices.
• Clearly communicate potential issues and evaluate corrective action plans.
• As an infrastructure, security, and/or technology risk Subject Matter Expert (SME), train technology auditors on emerging technologies and security principles.
• Collaborate and communicate with various partners within the three lines of defense to promote awareness of risk.
• Assist in preparing and presenting reports to Audit Committees.
• Recruit and develop high-caliber staff, supporting their growth through the Audit Services Core Competencies model.