Manulife is seeking an Analyst, Information Risk Management to support the execution of second‑line oversight and challenge activities across technology, data, and operational risk domains. Reporting to the Director, IRM IRO, this role provides analytical, operational, and governance support to ensure that technology and data risks are managed in alignment with Manulife's risk appetite and regulatory expectations.
This role is an individual contributor focused on execution and delivery by performing independent challenges and oversight over core functions.
Domain Level Challenge and Oversight:
The Analyst will support second‑line oversight activities across multiple disciplines, including:
Key Responsibilities:
Risk & Control Self-Assessments (RCSA)
- Coordinate evidence collection, control reviews, and documentation.
- Compare assessments against standards and highlight potential control gaps.
Third‑Party / Vendor Technology Risk
- Assist in due‑diligence reviews, evidence validation, and third‑party residual risk analysis.
- Support challenge of vendor risk assessments and remediation activities.
Initiative & Change Risk
- Support the review of technology and operational change initiatives for potential risk impacts.
- Assist in assessing design adequacy of proposed controls.
Reportable Events & Incident Analysis
- Support second‑line review of incidents, root cause analysis, and event classification.
- Track remediation effectiveness and recurring themes.
Issue Management
- Support challenge of risk acceptances and corrective action plans (CAPs).
- Assist in monitoring remediation progress and assessing sufficiency of closure evidence.
BCM, DR, and Critical Operations Assessments
- Support oversight of Business Continuity Plans, Disaster Recovery testing, and Critical Operations identification.
- Perform analysis of test results, gaps, and effectiveness of resilience controls.
Data Analysis & Risk Insights
- Perform data extraction, cleansing, and analysis to identify trends across risk events, issues, controls, and assessments.
- Support production of risk intelligence packages for stakeholders
- Help translate technical data into clear, stakeholder‑friendly insights.
Automation, Generative AI & Agentic AI Enablement
- Utilize workflow automation tools and GenAI to streamline review, reporting, and analysis tasks.
- Support the adoption of Agentic AI automations to reduce manual effort in risk assessments and data validation.
- Assist in testing, tuning, and iterating automated processes used in second‑line oversight.
- Contribute to continuous control monitoring by applying data‑driven and automation-enabled analysis.
Stakeholder Engagement & Collaboration
- Partner with stakeholders to support oversight activities and analysis.
- Work closely with second line representation of Segments
- Maintain strong, professional relationships while delivering objective challenges.
Key Outcomes
- Accurate and timely support of second‑line assessments and oversight activities.
- Improved consistency and traceability of second line deliverables
- Increased use of automation, AI, and orchestration in risk processes.
- Enhanced quality of risk reporting, data insights, and evidence reviews.
- Strengthening regulatory confidence in technology and operational risk oversight.
Required Qualifications
- 2–4+ years of experience in Information Risk, Technology Risk, Operational Risk, Cybersecurity, Compliance, or related fields.
- Strong ability to adhere to consistent process-oriented requirements for challenge and oversight
- Foundational understanding of risk management practices (RCSA, issues, incidents, BC/DR, vendor risk, etc.).
- Ability to analyze technical and operational data and summarize findings clearly.
- Experience with or interest in learning automation tooling, Generative AI, and Agentic AI.
- Familiarity with GRC platforms (e.g., Archer, ServiceNow, Fusion) is an asset.
- Knowledge of control frameworks (NIST, ISO, COBIT, CSA, etc.) is beneficial.
- Strong communication, documentation, and analytical skills with the ability to work in a structured, detail‑oriented way.
When you join our team:
- We'll empower you to learn and grow the career you want.
- We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
- As part of our global team, we'll support you in shaping the future you want to see.
