Analyst, Information Risk Management

The Analyst, Information Risk Management, supports the Information Risk Officer (IRO) by providing Line 2 oversight activities across Global Cybersecurity Services (GCS). This role assists with risk assessments, control reviews, issue management, and reporting to help ensure technology and cybersecurity risks are appropriately identified, documented, and monitored. The Analyst works with Line 1 partners to gather information, validate controls, and support effective risk governance.

• Support Line 2 reviews of technology, cyber, data, AI, and emerging tech risks.
• Assist with RCSAs, control testing, ad-hoc risk assessments, and technology change reviews.
• Help review control documentation across areas such as cloud, IAM, data protection, infrastructure, resilience, and disaster recovery.
• Track and monitor risk exceptions, issues, and corrective action plans.
• Support review of reportable events and third‑party risk assessments.
• Provide data, evidence, and analysis to support Line 2 challenge.

• Prepare materials, metrics, and updates for dashboards and risk reporting.
• Maintain documentation, templates, and process artifacts to support consistent oversight.
• Work with partners across Technology Risk, Standards Governance, Operational Risk, Privacy, and Compliance to support aligned risk interpretation.
• Identify opportunities to improve documentation quality, streamline processes, and enhance assessment consistency.

• Communicate clearly and concisely with stakeholders.
• Build strong working relationships across Line 1 and Line 2 teams.
• Demonstrate curiosity, attention to detail, and a commitment to a strong risk culture.

• 2–4+ years in technology risk, cybersecurity, IT audit, compliance, or related roles
• Bachelor’s degree in computer science, computer engineering, IT Security, or a related field or equivalent experience.
• Foundational knowledge of cloud, IAM, data protection, infrastructure, or cybersecurity concepts
• Experience supporting RCSAs, control testing, or risk assessments
• Strong analytical and documentation skills
• Ability to work with stakeholders across technology, cyber, privacy, and risk teams
• Strong written and verbal communication skills & detail-oriented with strong organizational skills
• Bilingualism (English and French) is an asset. If the successful candidate is in Québec, proficiency in English will be required to support clients from various provinces outside of Quebec.

• Professional certifications or working towards such as CISSP, CISA, CRISC and CISM is an asset
• Familiarity with risk frameworks (NIST CSF, ISO 27001, CIS Controls) is an asset

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.

#LI-Hybrid

Manulife Financial Corporation es un importante proveedor internacional de servicios financieros que ayuda a las personas a tomar decisiones de una manera más fácil y a vivir mejor. Para obtener más información acerca de nosotros, visite  .

En Manulife/John Hancock, valoramos nuestra diversidad. Nos esforzamos por atraer, formar y retener una fuerza laboral tan diversa como los clientes a los que prestamos servicios, y para fomentar un entorno laboral inclusivo en el que se aprovechen las fortalezas de las culturas y las personas. Estamos comprometidos con la equidad en las contrataciones, la retención de talento, el ascenso y la remuneración, y administramos todas nuestras prácticas y programas sin discriminación por motivos de raza, ascendencia, lugar de origen, color, origen étnico, ciudadanía, religión o creencias religiosas, credo, sexo (incluyendo el embarazo y las afecciones relacionadas con este), orientación sexual, características genéticas, condición de veterano, identidad de género, expresión de género, edad, estado civil,…