Information Security Manager

Overview The Information Security Manager evaluates technology environments through control testing, compliance assessments, identifies key gaps and recommends actions for remediation. Partners with other teams for cybersecurity controls assessment and tests effectiveness of cybersecurity controls ensuring that systems and processes meet industry standards and regulatory requirements. Responsibilities Plans, conducts and manages cybersecurity and technology controls testing, compliance assessments including IT systems and processes for design and operating effectiveness. Develops and maintains test procedures and plans for IT Security Controls, ensuring alignment with key objectives, industry standards and regulatory requirements. Evaluates the organization’s compliance with preferred cybersecurity frameworks. Performs control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps. Analyzes test results, identifies security control deficiencies, and recommends solutions to resolve identified issues. Partners with operations and IT teams to ensure that all IT security controls are adequately tested and implemented. Tracks security issues/risks, prepares comprehensive reports outlining findings, recommendations and actionable insights to senior management and stakeholders. Collaborates with cross-functional teams including IT, legal, compliance and liaises with law enforcement and other external entities to address findings and implement corrective action. Develops innovative approaches and solutions, including use of data analytics, Agile methodology, and automation to improve overall effectiveness and value of the controls testing team. Ensures compliance with applicable security policies and standards. Stays updated on latest cybersecurity threats, vulnerabilities, and testing techniques, contributing to the enhancement of cybersecurity practices within the organization. Provides professional advice – takes a lead role of process or program execution Is accountable for own work and contributes to setting standards through expertise in own job discipline that impact others’ deliverables Work is guided by cascaded policies or business plans May lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interests Required Qualifications Knowledge of IT security controls and technologies, IT systems and networks, security testing, security policies, standards, and regulations Experience performing compliance and control testing assessments Knowledge of frameworks such as NIST CSF, ISO 27001 and CIS Top 20 Controls Proficiency in understanding operating systems (Windows, Linux, Unix), network protocols, and cybersecurity frameworks Understanding of cloud computing security principles and leading practices Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organization Knowledge of data privacy laws, data security issues, encryption techniques, data classification, and data loss prevention mechanism Skills Cybersecurity Security Compliance IT Controls IT Audit IT Regulatory Compliance Risk Assessment Control Testing Working with the Team We’ll empower you to learn and grow the career you want. We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words. As part of our global team, we’ll support you in shaping the future you want to see. About Manulife and John Hancock Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit Equal Opportunity Employer Manulife is an Equal Opportunity Employer At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact Working Arrangement Hybrid #J-18808-Ljbffr