Information Security and Risk Officer
Toronto, ON
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description

We are seeking a talented Information Security and Risk Officer to join the Enterprise Technology & Services (ETS) team. This is a first-line-of-defense IT governance role in which the incumbent will enable business and IT partners to recognize and manage their cyber and information security risks in a dynamic business environment.

The incumbent will be part of a team that works with the different service areas within ETS. You will serve as a trusted partner and subject matter expert to the business and help them protect their information assets. You will participate in critical global projects and initiatives to ensure that information risk is always appropriately managed. As a security officer you will perform security risk assessments and vendor assessments, and consult on projects and on the implementation of tools or services. You will work closely with infrastructure, development and application teams on the implementation of security controls to ensure adherence to information security policies, procedures and standards, and report to senior management on the effectiveness of those controls.

You will join a world-class company known for its commitment to diversity, community involvement and work-life balance through the WorkSmart program, under which 20% of Manulife's North American employees work from home. We are committed to the personal and professional development of our team members, including support for attaining and maintaining industry designations and certifications.

As Information Security and Risk Officer you will be:
Assisting project teams with identifying and validating security requirements or leading the completion of information risk assessments.
Performing in-depth risk assessments on projects from a technical security perspective to ensure that security safeguards and controls are in line with Manulife security policy and standards.
Conducting security risk assessments of third parties. Assessment types include self-assessment questionnaires, site visits and examination of external audit reports and certifications (e.g., SOC 2 Type 2 reports, ISO 27001 certification).
Providing input and recommendations to the ETS Service Areas on information security requirements and best practices.
Assisting with security incident investigations and service provider threat notifications for the ETS Service Areas.
Supporting other operational security activities, including oversight of ongoing security processes (e.g., incident response, ad hoc queries, periodic access reviews and vulnerability management).
Working with the ETS Service Areas to help define and improve Information Security practices.
Working with the ETS Service Areas to provide input and recommendations on hardening standards for the technologies relevant to each Service Area.
Working with the ETS Service Areas on Go-Live Acceptance Reviews for new infrastructure and services associated with those Service Areas.
Reporting on security metrics and compliance with company policies and standards.
Taking on other information risk management tasks as required.

Qualifications

5+ years of relevant information security and information risk management experience.
Experience with FAIR or a comparable quantitative risk management framework is a plus.
Post-secondary diploma or degree in computer science fields of study is preferred.
Professional certification(s) related to information security or information risk management such as CISSP, CISM, CISA, GIAC are preferred.
Working knowledge and experience in the following areas are a plus:
Security architecture and controls across infrastructure platforms (e.g., Windows, Unix, virtualized hosting, networking, end-user technology, and cloud computing including Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)).
Security systems such as privileged access management, SIEM or big-data platforms for security monitoring, NAC, vulnerability management tooling and its operating model, PKI and encryption technology, advanced threat protection products (e.g., FireEye, Zscaler), firewalls/IPS, and WAFs.
Application security best practices such as secure coding and security testing techniques.
OWASP, SANS, or other security frameworks and penetration testing methodologies.
Configuration management technologies (e.g., Ansible, Chef, Puppet), infrastructure automation technologies (e.g., Terraform), build automation technologies (e.g., Jenkins, Concourse), and containerization and cloud orchestration technologies (e.g., Cloud Foundry, Kubernetes, Docker).
Windows and related services (e.g., Active Directory, DNS, IIS, MSSQL), and federation services and protocols (e.g., Active Directory Federation Services (AD FS), SAML).
Collaboration and messaging platforms (e.g., Office 365, SharePoint).
Mobile Devices along with Mobile Device Management / Mobile Application Management Platforms and Services
Proven ability to build relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors.
Previous experience in the Financial, Insurance or Healthcare sectors considered an asset.
Experience implementing and/or supporting a large-scale corporate enterprise solution.

Focused on helping ETS Service Areas achieve their objectives; understands that Information Security must enable the business.
Strong written and verbal communication and effective negotiation skills.
Strong technical skills and background, with the ability to quickly build working knowledge of new technologies and their security implications.
Influences others across the organization to accomplish their objectives.
Works independently and takes initiative.
Handles conflict well and maintains professionalism at all times.
Takes ownership for their objectives and ensures they are achieved.
Functions well as part of a distributed team.
Strong analytical skills.
Ability to step back for cross-organization context or to pivot to specific, detailed technology and/or risk review.

Location: Toronto, Waterloo or Boston

If you are ready to unleash your potential, it’s time to start your career with Manulife/John Hancock.

About Manulife
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of December 31, 2018, we had over $1.1 trillion (US$794 billion) in assets under management and administration, and in the previous 12 months we made $29.0 billion in payments to our customers.

Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Manulife is committed to supporting a culture of diversity and accessibility across the organization. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.