Senior Director, Information Risk Management – John Hancock – Boston, MA

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description

The Senior Director, Information Risk Management is responsible for the overall delivery of the 2nd Line of defense risk oversight program across North America with primary focus on the U.S. Segment at John Hancock.

The incumbent will serve as a Subject Matter Expert on information security, technology risk and business continuity management with the North America Information Risk Management (IRM) team. The director will drive the execution of highly complex and technical processes related to information risk including, but not limited to, review of information risk controls, risk identification and treatment, meeting local regulatory requirements, consulting on technology priorities, strategies, and solutions in accordance with global information risk policies, standards, programs, processes and supporting systems. The incumbent will oversee the IRM team to ensure the work is managed, prioritized, and completed to meet business goals, drivers, and commitments within the organization’s risk appetite.

Key Accountabilities:

  • Delivering the 2nd line information risk oversight program to the technology and business segments in the U.S. (primary) and Canada while enabling the Segments to manage their information risk efficiently and effectively.

  • Managing the information risk team and function with direct reports in the U.S.

  • In a changing environment, constantly reviewing and balancing the team’s business-as-usual commitments with short-term/immediate priorities and long-term strategic initiatives. Completing short-term planning and enabling long-term strategies that will mature information risk management ensuring the practices keep pace with both internal drivers (company strategy and goals) and external drivers (technology, regulations, threats and vulnerabilities).

  • Promoting a diverse, equitable and inclusive information risk culture.

  • Staying abreast of new regulations, laws and requirements for information risk, information security, cybersecurity, information protection and privacy across jurisdictions and overseeing company compliance with them as required.

  • Ensuring the team is properly trained and kept current with information risk and cyber security developments, threats and emerging technology.

  • Interacting and cooperating with information risk teams globally ensuring uniform processes and compliance with Global IRM processes, procedures, policies, standards, templates, and guidelines.

  • Providing 2nd line reviews of risk assessments (projects, vendors, incidents) as required. Working with senior management to ensure their informed consent and understanding of risk treatments and acceptances within the organization’s risk appetite.

  • Maintaining and fostering enduring relationships with internal customers, namely:

    • executives and other staff within the Segments.

    • project managers, software engineers and other key players.

    • executives and peers in the wider IRM community.

    • executives and others within other second- and third-line of defense teams (Audit Services, Enterprise and Operational Risk, Compliance, Privacy, Investigative Services, etc.).

Job Requirements (Experience/Knowledge/Skills):

  • 10+ years of progressive leadership in the areas of Information Security / Business Resiliency / Technology Risk strategies, principles, processes, and deliverables within a large enterprise

  • University degree (Computer Science or related discipline preferred)

  • Expertise in best practices of various aspects of information risk management and prior experience as a leader in Information Risk (2nd line of defense preferred)

  • Strong communication skills and ability to explain highly technical information for non-technologists including business executives

  • Strong competencies in collaboration, problem solving and influencing key risk decisions

  • Knowledge of the regulatory environments in the U.S. and Canada

  • Knowledge of security software, IT audit and security, programming/coding and/or IT compliance

  • Recognized professional designations in Information Security, Audit and Business Continuity (e.g. CISSP, CISA, CISM, CRISC, CSSLP, MBCP)

If you are ready to unleash your potential, it’s time to start your career with Manulife/John Hancock.

About Manulife

Manulife Financial Corporation is a leading international financial services provider that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and our global wealth and asset management segment, Manulife Investment Management, serves individuals, institutions and retirement plan members worldwide. At the end of 2020, we had more than 37,000 employees, over 118,000 agents, and thousands of distribution partners, serving over 30 million customers. As of March 31, 2021, we had CAD$1.3 trillion (US$1.0 trillion) in assets under management and administration, and in the previous 12 months we made $31.3 billion in payments to our customers. Our principal operations are in Asia, Canada and the United States where we have served customers for more than 155 years. We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges and under ‘945’ in Hong Kong.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].
