Senior Manager, Technology and Cybersecurity Audit & Advisory Services

at  Manulife

The Technology Audit Team assess technology as part of initiatives, processing, and operations to ensure that delivery meets business, cybersecurity, performance, and regulatory expectations. In this role you will primarily work with our segment and business line Chief Information Officers, and global functional partners leading our data, cybersecurity, engineering, infrastructure, information and operational risk management, and program delivery practices. We leverage analytics and use Microsoft Azure Data Services with tools such as Power BI and Co-Pilot to automate our testing in line with Manulife’s ambition is to be the most digital, customer-centric company in our industry. Through our engagements, you will learn about each of our business markets including the external and internal demands of technology, digital processing, growing regulatory requirements around cybersecurity, and opportunities to explore new technologies, platforms, and leading global technology partners as they are deployed. As an audit professional at Manulife, you’ll have the chance to work with a diverse set of advanced tools and technologies, including a centralized GRC tool used by all three lines of defense, business analytics tools, enterprise data lake, machine learning, Gen AI, Python, and more. These exposures will provide you with invaluable experience in performing innovative testing with digital and analytic tools, enabling key insights that drive impactful audit outcomes.
This role offers a unique opportunity to collaborate directly with members of the Audit Leadership Team (ALT) and Technology and Risk leadership. By engaging with senior leaders, you will gain valuable insights and visibility, enhancing your leadership skills and professional growth within the organization.

REQUIRED QUALIFICATIONS:

• 6-8 years of relevant experience, plus a risk/security (e.g., CISA, CISSP) or other cloud/networking (e.g., AZ-xxx, CCxx) certification or equivalent experience.
• University degree in information systems, or other relevant degree or equivalent experience.
• Solid understanding of system development methodologies, cyber and network security processes, and related regulatory requirements.
• Solid understanding of cybersecurity concepts, such as, Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.)
• Solid understanding of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, DevSecOps, Virtualization, etc.
• Prior experience with information systems and operations used in the insurance industry and financial services industry will be beneficial.

• Manage a team of auditors to cover key internal technology risks and produce meaningful audit reports that clearly articulate the position on risks and related issues.
• Lead or support multiple simultaneous audit projects to ensure time and quality objectives are met. Timely address and/or report potential budget overruns and resourcing concerns.
• Assess and evaluate the effectiveness and efficiency of internal controls and operating practices.
• Clearly communicate potential issues and evaluate corrective action plans, assist in preparing and presenting reports to Audit Committees.
• As an infrastructure, security, and/or technology risk Subject Matter Expert (SME), train technology auditors on emerging technologies and security principles.
• Collaborate and connect with various partners within the three lines of defense to promote awareness of risk.
• Recruit and develop high-caliber staff, supporting their growth through the Audit Services Core Competencies model.