Information Security Manager

The Information Security Manager evaluates technology environments through control testing compliance assessments identifies key gaps and recommends actions for remediation. Partners with other teams for cybersecurity controls assessment and tests effectiveness of cybersecurity controls ensuring that systems and processes meet industry standards and regulatory requirements.

Position Responsibilities:

• Plans conducts and manages cybersecurity and technology controls testing compliance assessments including IT systems and processes for design and operating effectiveness.
• Develops and maintains test procedures and plans for IT Security Controls ensuring alignment with key objectives industry standards and regulatory requirements.
• Evaluates the organizations compliance with preferred cybersecurity frameworks.
• Performs control testing security assessments and risk analysis on systems applications and network infrastructure to identify potential weaknesses and security gaps.
• Analyzes test results identifies security control deficiencies and recommends solutions to resolve identified issues.
• Partners with operations and IT teams to ensure that all IT security controls are adequately tested and implemented.
• Tracks security issues/risks prepares comprehensive reports outlining findings recommendations and actionable insights to senior management and stakeholders.
• Collaborates with cross-functional teams including IT legal compliance and liaises with law enforcement and other external entities to address findings and implement corrective action.
• Develops innovative approaches and solutions including use of data analytics Agile methodology and automation to improve overall effectiveness and value of the controls testing team.
• Ensures compliance with applicable security policies and standards.
• Stays updated on latest cybersecurity threats vulnerabilities and testing techniques contributing to the enhancement of cybersecurity practices within the organization.
• Provides professional advice takes a lead role of process or program execution
• Is accountable for own work and contributes to setting standards through expertise in own job discipline that impact others deliverables
• Work is guided by cascaded policies or business plans
• May lead medium to large size projects or work streams with moderate resource requirements risk and/or complexity with multiple teams representing different interests

Required Qualifications:

• Knowledge of IT security controls and technologies IT systems and networks security testing security policies standards and regulations
• Experience performing compliance and control testing assessments
• Knowledge of frameworks such as NIST CSF ISO 27001 and CIS Top 20 Controls
• Proficiency in understanding operating systems (Windows Linux Unix) network protocols and cybersecurity frameworks
• Understanding of cloud computing security principles and leading practices
• Understanding of legal and regulatory requirements related to cybersecurity privacy and data protection laws relevant to the organization
• Knowledge of data privacy laws data security issues encryption techniques data classification and data loss prevention mechanism

Skills:

• Cybersecurity
• Security Compliance
• IT Controls
• IT Audit
• IT Regulatory Compliance
• Risk Assessment
• Control Testing

When you join our team:

• Well empower you to learn and grow the career you want.
• Well recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team well support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer

At Manulife/John Hancock we embrace our diversity. We strive to attract develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment retention advancement and compensation and we administer all of our practices and programs without discrimination on the basis of race ancestry place of origin colour ethnic origin citizenship religion or religious beliefs creed sex (including pregnancy and pregnancy-related conditions) sexual orientation genetic characteristics veteran status gender identity gender expression age marital status family status disability or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .