Manulife is seeking anAnalyst, Information Risk Managementto support the execution of secondline oversight and challenge activities across technology, data, and operational risk domains. Reporting to the Director, IRM IRO, this role provides analytical, operational, and governance support to ensure that technology and data risks are managed in alignment with Manulife's risk appetite and regulatory expectations.
This role is an individual contributor focused on execution and delivery by performing independent challenges and oversight over core functions.
Position Responsibilities:
- Conduct evidencebased reviews of first line risk assessments, controls, and risk decisions, providing objective challenge where needed.
- Assess completeness and accuracy of first line documentation and support escalation when risk posture misaligns with appetite.
- Support RCSA oversight by collecting evidence, reviewing controls, and identifying potential gaps against standards.
- Assist in thirdparty technology risk reviews, validating due diligence evidence and analyzing residual vendor risk.
- Support oversight of technology and operational change initiatives, assessing proposed controls and risk impacts.
- Review incidents, classifications, and root cause analyses, tracking remediation effectiveness and recurring themes.
- Support issue management by challenging risk acceptances, reviewing corrective action plans, and validating closure evidence.
- Contribute to BC/DR and critical operations oversight through analysis of test results, resilience gaps, and control effectiveness.
- Perform data extraction and analysis to identify trends across risk events, issues, and assessments, producing clear risk insights.
- Use automation, Generative AI, and Agentic AI tools to streamline evidence reviews, monitoring, and second line analysis.
Required Qualifications:
- 24+ years of experience in Information Risk, Technology Risk, Operational Risk, Cybersecurity, Compliance, or related fields.
- Strong ability to adhere to consistent process-oriented requirements for challenge and oversight
- Foundational understanding of risk management practices (RCSA, issues, incidents, BC/DR, vendor risk, etc.).
- Ability to analyze technical and operational data and summarize findings clearly.
- Experience with or interest in learning automation tooling, Generative AI, and Agentic AI.
- Familiarity with GRC platforms (e.g., Archer, ServiceNow, Fusion) is an asset.
- Knowledge of control frameworks (NIST, ISO, COBIT, CSA, etc.) is beneficial.
- Strong communication, documentation, and analytical skills with the ability to work in a structured, detail-oriented way.
When you join our team:
- We'll empower you to learn and grow the career you want.
- We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
- As part of our global team, we'll support you in shaping the future you want to see.
