Manager, Information Risk Management

The Manager, Information Risk Management, plays a key role in providing independent Line 2 oversight across Global Cybersecurity Services (GCS) and broader technology domains. This role leads and executes complex risk assessments, provides credible challenge to control owners and senior technology partners, and ensures that technology, cyber, data, AI, and emerging tech risks are appropriately identified, managed, and governed.  The Manager acts as a trusted advisor, contributes to the evolution of IRM oversight practices, and may lead or coach junior analysts to support consistent, high‑quality risk governance across the enterprise.

Position Responsibilities:

Independent Oversight & Support

• Lead Line 2 oversight activities across technology, cyber, data, AI, cloud, and emerging technology domains.

• Perform oversight and challenge on complex RCSAs, thematic reviews, technology change assessments, and targeted risk deep dives.

• Provide expert review and challenge of Line 1 control documentation in areas such as cloud security, IAM, data protection, infrastructure, resilience, and disaster recovery.

• Oversee and validate the quality of risk assessments, evidence, and remediation commitments provided by Line 1 partners.

• Monitor and escalate significant issues, risk exceptions, control gaps, and corrective action plans.

• Review reportable events, including security incidents, operational disruptions, and third‑party risks, ensuring accurate classification and effective remediation.

Governance, Reporting & Collaboration

• Develop and deliver high‑quality risk reporting, dashboards, and insights for senior leadership, risk committees, and governance forums.

• Maintain and enhance oversight processes, documentation, templates, and guidance materials to support a consistent risk practice.

• Identify opportunities to uplift risk maturity, streamline processes, and strengthen the effectiveness of IRM oversight.

• Contribute to the development of policies, standards, and methodologies in collaboration with Standards Governance, Technology Risk, Operational Risk, Privacy, and Compliance.

• Represent IRM in cross‑functional forums, working groups, and strategic initiatives.

Professional Skills

• Communicate clearly and concisely with stakeholders.

• Build strong working relationships across Line 1 and Line 2 teams.

• Demonstrate curiosity, attention to detail, and a commitment to a strong risk culture.

Required Qualifications:

• 5–7+ years of experience in technology risk, cybersecurity, IT audit, or related domains.

• Bachelor’s degree in computer science, computer engineering, IT Security, or a related field or equivalent experience.

• Strong knowledge of cloud, IAM, cyber operations, resilience, infrastructure, or data protection concepts.

• Experience leading oversight reviews of RCSAs, control testing programs, complex risk assessments, or thematic reviews.

• Strong capability in analyzing technical risks and presenting them in business-relevant terms.

• Demonstrated ability to engage and influence senior stakeholders across Technology, Cyber, and Risk teams.

• Strong written and verbal communication skills & detail-oriented with strong organizational skills

• Proactive, adaptable, and able to operate effectively in a dynamic and maturing risk environment.

• Strong communication skills, clear, concise risk messaging for senior leaders.

• Bilingualism (English and French) is an asset. If the successful candidate is in Québec, proficiency in English will be required to support clients from various provinces outside of Quebec.​

Preferred Qualifications:

• Professional certifications or working towards such as CISSP, CISA, CRISC and CISM is an asset

• Deep familiarity with risk and control frameworks (e.g., NIST CSF, ISO 27001, CIS Controls) is an asset

• Experience coaching others or providing informal leadership is considered an advantage.

When you join our team:

• We’ll empower you to learn and grow the career you want.

• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team, we’ll support you in shaping the future you want to see.

#LI-Hybrid

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].

Referenced Salary Location

Salary range is expected to be between

If you are applying for this role outside of the primary location, please contact [email protected] for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact [email protected] for more information about U.S.-specific paid time off provisions.