Associate Director/Senior Manager, Information Risk Management (IT Controls & Governance)

Manulife

Job Location:

Hong Kong - Hong Kong

Monthly Salary: Not Disclosed
Posted on: 9 hours ago
Vacancies: 1 Vacancy

Job Summary

Associate Director/Senior Manager, Information Risk Management (IT Controls & Governance)

Position Responsibilities:

  • Security Testing: Execute security testing using methodologies such as SAST, SCA and DAST to identify vulnerabilities. Leverage tools like Snyk for open-source dependency and container image security

  • Information Risk Assessments: Conduct risk assessments for IT initiatives prior to go-live, review release evidence, and ensure compliance with internal and industry standards

  • Third-Party Risk Management: Oversee vendor onboarding and governance, ensuring procurement aligns with security requirements and contractual clauses

  • Vulnerability Management: Apply OWASP Top 10 and NIST guidelines to prevent common vulnerabilities such as injection flaws and broken access controls

  • Secure Development: Embed security practices into SDLC and DevOps workflows, ensuring integration with CI/CD pipelines and version control systems

  • Cloud Security: Assess and validate security controls for cloud platforms (e.g. Microsoft Azure, Alibaba Cloud) and cloud-native services such as Kubernetes and microservices

  • GenAI Security Evaluation: Evaluate security risks in Generative AI projects, ensuring responsible use and compliance with data privacy and integrity standards

  • Communication & Compliance: Translate technical risks into actionable insights for technical and non-technical stakeholders, including presenting security concerns and posture to all levels, from developers to senior executives, and providing regular updates to C-level leadership.

  • Reviewing penetration testing reports and automated scans (Snyk, GitGuardian).

  • Developing automated security reports using Power BI, Python or Power Automate.

  • Leading security audits and implementing remediation plans.

  • Acting as product owner for enterprise SCA & SAST solutions, driving migration strategies and improving DevSecOps maturity.

  • Managing penetration testing programs and refining methodologies based on stakeholder feedback.

  • Enhancing AppSec risk metrics for accurate visualization and remediation guidance.

Required Qualifications:

  • Bachelor's degree in Computer Science, Information Security or related field (or equivalent experience)

  • Proven experience in information security and compliance monitoring, preferably in cloud environments

  • Strong analytical skills and ability to interpret complex security reports.

  • Familiarity with penetration testing and DevOps tools (BurpSuite, Snyk, GitHub, GitGuardian)

  • Knowledge of OWASP trends and Generative AI risk considerations

  • Programming proficiency in Python or experience with Microsoft Power Automate

  • Experience with Power BI or similar visualization tools

  • Excellent communication and collaboration skills

  • Relevant certifications (CISSP, CISM, CEH) preferred

  • Understanding of IT control frameworks and regulatory requirements (ISO 27001, NIST, COBIT, PDPO, GDPR)

When you join our team:

  • We'll empower you to learn and grow the career you want.

  • We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

  • As part of our global team, we'll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .

Working Arrangement

Hybrid

Required Experience:

Director

Key Skills

  • Category Management
  • Athletics
  • Customer
  • ABAP
  • Hydraulics
  • ITI

About Company

Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.
