Information Security Risk Advisor
Job Overview
Job title: Information Security Risk Advisor
Job description: Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
Job Description
As part of the Global Information Risk Management (GIRM) function, the second-line Information Security Management (ISM) cybersecurity team is focused on influencing the cybersecurity strategy. In addition, the function manages cybersecurity risk and is responsible for providing oversight and challenge to the first-line Information Security (IS) and Information Technology (IT) functions. ISM aligns with leadership to set the cybersecurity risk culture, supports IS/IT in identifying and mitigating cybersecurity risks end to end, and provides an objective view of key risks to enable business decisions. ISM also provides processes, data, skilled resources, and insight to track accountability and enable risk-based decisions. It measures performance against mandatory requirements, such as risk standards, informing our operational risk position.
You will join a world-class company known for its commitment to diversity, community involvement, and work-life balance. We are committed to the personal and professional development of our team members, including support for attaining and keeping industry designations and certifications.
- Measure and report on compliance with mandatory standards (information risk management / operational risk management) and supporting internal control functions
- Define procedures for governance and assurance measurements (both KRI and KPI)
- Review and assess the condition of controls against established criteria. Evaluate controls to verify that they meet established assurance objectives
- Develop and assist in completing corrective action plans for key controls/measures that cannot be measured or where control deficiencies exist
- Work with the internal ISM team to help define and improve Information Security assurance practices. Provide input and recommendations on best practices
- Perform second-line security risk assessments to ensure that the safeguards and controls are in line with Manulife Security policy and standards.
- Assist with metrics creation and reporting
- Report on security metrics and compliance with company policies/standards
- Maintain awareness of current and emerging threats and stay abreast of current and developing technologies, risks, and security best practices
- Support the maintenance of issues management data using the governance, risk and control platform (Archer)
- Identify problems, then propose and execute solutions
- Independently research and investigate new issues and innovations to maintain currency of cybersecurity and risk management expertise
You Bring:
- Ability to present to and work with all levels of management
- Ability to handle complex issues
- Ability to manage high visibility and high-risk consequences
- Effective communication, presentation, negotiation and influencing skills.
- Proven ability to quickly and easily adapt to changes within the business and organization.
- Able to explain and bring business specific context to key ISM and IRM principles
- 3-5 years of relevant information security and information risk management experience
- Experience with information security risk assessment methodologies
- Experience with reporting and metrics tools (e.g. MS Excel, MS Access, PowerBI or others)
- Experience with ISO 27001/27002 and/or NIST Cybersecurity Framework, CIS Top 20 Critical Controls etc.
- Demonstrated knowledge of technological trends and developments in the area of information security & risk management
- Experience implementing and/or supporting a large-scale corporate enterprise solution.
- Ability to balance competing demands with little management direction/support
Nice to Have:
- Experience or working knowledge with regulators (e.g. OSFI, SEC, NYDFS etc.)
- Professional certification(s) related to information security or information risk management such as CISSP, CISM, CISA, GIAC
- Working knowledge in two or more of the following domains:
  - Vulnerability and Configuration Management (VCM), Security architecture and controls in various infrastructure platforms (e.g. Windows, Unix, Virtual hosting, access management, networking, end-user technology, cloud computing Azure, AWS Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)).
  - GRC Platform such as Archer
- Previous experience in the Financial, Insurance, or Healthcare sector
This role is available in Waterloo, Toronto, Boston or Remote.
If you are ready to unleash your potential, it’s time to start your career with Manulife/John Hancock.
About Manulife
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2020, we had more than 37,000 employees, over 118,000 agents, and thousands of distribution partners, serving over 30 million customers. As of December 31, 2020, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, and in the previous 12 months we made $31.6 billion in payments to our customers. Our principal operations are in Asia, Canada and the United States where we have served customers for more than 155 years. We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges and under ‘945’ in Hong Kong.
Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.
Company: Manulife
Expected salary:
Location: Toronto, ON
Job date: Fri, 07 May 2021 03:34:33 GMT