Director, Information Risk Management – Global Risk

About The Position

Requirements

• 12+ years in Technology Risk, Information Risk Management, Cyber Risk, with 5+ years in a risk leadership or second-line oversight role.
• Deep experience within financial services, insurance, or wealth management in a global context.
• Proven ability to challenge senior technology and data leaders with credibility, capable of translating technical risks into business impact.
• Experience leading or influencing globally distributed teams.
• Demonstrated oversight of Infrastructure & Operations, Cloud and hybrid environments, Data platforms and analytics and corporate enterprise applications.
• Strong understanding of GRC workflows, including business goals, governance, risk management, controls, compliance, audit and assurance and improvement.
• Familiarity with GRC platforms (e.g. Archer, ServiceNow, Fusion).
• Working knowledge of Global Regulatory Guidelines and Control frameworks (CSA STAR for AI, CCM, ISO, NIST, COBIT, COSO).
• Bilingualism (English and French) is a strong asset. If the successful candidate is in Québec, proficiency in both languages will be required to support clients from various provinces outside of Quebec.

Nice To Haves

• Experience in applying engineering principles to risk management, exposure to automated control monitoring and evidence collection, and a background partnering closely with Operations and Platform teams.

Responsibilities

• Provide credible, independent challenge to first-line technology and data leaders on risk design, control effectiveness, and residual risk exposure.
• Assess and opine on the adequacy of technology, infrastructure, data, platform and application controls against internal standards, regulatory expectations, and industry best practices.
• Ensure technology and data risks are clearly articulated, quantified where possible, and aligned to risk appetite.
• Review and challenge material risk acceptances, control exceptions, and remediation plans.
• Challenge operational resilience, capacity management, monitoring, patching, vulnerability, identity, and access control practices.
• Oversight of risks related to cloud, on-prem infrastructure, networks, end-user computing, resilience, availability, disaster recovery, and third-party dependencies.
• Ensure strong alignment between data governance, data risk, model risk, and information security.
• Oversight of data risk across data platforms, analytics, AI/ML, data quality, lineage, privacy, and regulatory data obligations.
• Oversight of technology risks supporting Finance, HR, Legal, Compliance, Risk, and Internal Audit systems.
• Challenge risks associated with financial reporting technology, regulatory reporting, and corporate data.
• Ability to stay abreast of new and emerging regulatory requirements as well as emerging and evolving risks.
• Drive adoption of workflow-based risk management, ensuring risks, controls, issues, exceptions, and attestations are consistent, adequate, reasonable and effective through standardized and automated practices that are traceable end-to-end.
• Support the design of event-driven risk workflows integrating automated control monitoring mechanisms from source systems (e.g, CI/CD, Observability, Ticketing, Lakes, Warehouses) to reduce manual assessments.
• Support the design of orchestration patterns that connect risk assessments, business continuity and disaster recovery, control testing, issue management, incident root cause analysis, vendor risk concurrences, regulatory obligations and audit and examination responses.
• Provide unbiased and evidence-based oversight to ensure that risk assessments not only meet regulatory requirements but also align with Manulife's strategic objectives and risk appetite, fostering continuous improvement in the organization's cybersecurity posture.

Benefits

• health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans.
• various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources.
• holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence.