Manulife is seeking a Manager, Information Risk Management to lead the execution of independent second‑line challenge and oversight activities across technology, data, and operational risk. Reporting to the Director, IRM, IRO, this role provides expert-level analysis, challenge, and governance scrutiny to ensure first‑line risk practices meet Manulife's risk appetite, standards, and regulatory expectations.
This is a Second Line of Defense (2LOD) role focused exclusively on objective oversight and challenge—not first‑line risk management, execution, or control operation.
As a manager, you will serve as a trusted advisor to functional risk teams, centers of excellence, and senior technology and data leaders.
Position Responsibilities:
- Provide independent second‑line challenge of first‑line risk assessments, controls, and risk decisions.
- Assess adequacy of technology, data, and operational risk practices against standards and regulatory expectations.
- Develop clear, evidence‑based second‑line risk opinions and escalate material issues with recommendations.
- Perform deep‑dive RCSA reviews and challenge risk ratings, control assertions, and completeness of assessments.
- Identify underassessed risks, weak controls, and cross‑assessment inconsistencies.
- Challenge vendor due diligence, inherent risk scoring, and oversight adequacy for cloud, SaaS, and critical providers.
- Review major technology initiatives and platform changes for risk impacts and sufficiency of mitigation plans.
- Evaluate risks associated with architecture changes, new solutions, and implementation activities.
- Review incidents, classifications, RCA quality, and recurrence prevention measures.
- Assess and challenge risk acceptances and corrective action plans (CAPs) for feasibility and urgency.
- Validate CAP closure evidence as part of second‑line review.
- Review business continuity plans, DR test results, and resilience capabilities, challenging gaps and assumptions.
- Analyze enterprise risk data to identify systemic issues, trends, and emerging risks.
- Use Generative/Agentic AI and automation tools to enhance oversight efficiency and thematic analysis.
- Communicate challenge outcomes clearly, advise stakeholders, and represent the second line in risk discussions and governance forums.
Required Qualifications:
- 6–10+ years of experience in Information Risk, Technology Risk, Cyber Risk, GRC, or Operational Risk.
- Experience performing independent second‑line oversight or audit-style review activities.
- Strong understanding of technology, data, cloud, infrastructure, and operational resilience risks.
- Ability to evaluate complex risk scenarios and form well‑supported second‑line opinions.
- Experience with risk programs (RCSA, third‑party risk, issues, incidents, BC/DR, change risk).
- Familiarity with GRC platforms such as Archer, ServiceNow, or Fusion.
- Knowledge of regulatory frameworks and standards (ISO, NIST, COBIT, CSA/CCM, OSFI, etc.).
- Exposure to Generative AI, Agentic AI, automation tools, or continuous monitoring technologies.
When you join our team:
- We'll empower you to learn and grow the career you want.
- We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
- As part of our global team, we'll support you in shaping the future you want to see.