Join the Enterprise Technology Services Governance & Controls (ETS G&C Team), where you'll help drive a strong risk-aware culture by supporting key governance processes including Information risk assessments, Reportable Events, CAP Management, Exception Requests while demonstrating hands-on Archer experience to manage technical risks and deliver timely, accurate insights. This role requires technical proficiency, independent execution, and cross-team collaboration within a supportive, growth-focused environment that values continuous learning and professional development.
Position Responsibilities:
Perform information risk assessments in compliance with the global Information Risk Assessment methodology, policies, and standards. Assess new and existing development, testing, deployment, monitoring, and security tools within various areas and business units. In collaboration with developers, engineers, and support teams, implement and automate security controls, including those for cloud architectures and container workloads, into CI/CD pipelines.Independently manage the full lifecycle of reportable events, including investigation, customer engagement, and approval in Archer, while ensuring alignment with internal governance processesCoordinate exception requests by engaging with requestors to understand the rationale, assess risk impact, validate compensating controls, draft and document exceptions in Archer, and collaborate with Line 2 to seek approval.Develop and assist in completing corrective action plans for key controls/measures that cannot be measured or where control deficiencies existCollaborate with multi-functional teams including ETS teams – cloud, architecture, IT Asset Management, Infrastructure, Line 2, and control customers to ensure effective execution of risk processes and alignment with enterprise governance standardsRequired Qualifications:
3-5 years of experience in technology risk or information security, preferably within a regulated financial environment.University degree or equivalent experience in Computer Science, Information Technology, or a related field is preferred.Solid grasp of security domains, including risk assessment, incident response, and regulatory standards.Knowledge and experience with tools like Archer, Jira, Confluence, Service Now.Familiarity with regulatory frameworks such as OSFI’s B-13 (Technology and Cyber Risk Management), NIST standards, and SOC 1/SOC 2 complianceProfessional certifications such as CISSP, CISA, CRISC, CISM are preferred.Strong analytical and communication skills, with the ability to manage customers effectively.When you join our team:
We’ll empower you to learn and grow the career you want.We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.As part of our distributed team, we’ll support you in shaping the future you want to see.About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit .
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared…
