Information Security Manager

The Information Security Manager evaluates technology environments through control testing, compliance assessments, identifies key gaps and recommends actions for remediation. Partners with other teams for cybersecurity controls assessment and tests effectiveness of cybersecurity controls ensuring that systems and processes meet industry standards and regulatory requirements.Position Responsibilities:Plans, conducts and manages cybersecurity and technology controls testing, compliance assessments including IT systems and processes for design and operating effectiveness.Develops and maintains test procedures and plans for IT Security Controls, ensuring alignment with key objectives, industry standards and regulatory requirements.Evaluates the organization’s compliance with preferred cybersecurity frameworks.Performs control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps.Analyzes test results, identifies security control deficiencies, and recommends solutions to resolve identified issues.Partners with operations and IT teams to ensure that all IT security controls are adequately tested and implemented.Tracks security issues/risks, prepares comprehensive reports outlining findings, recommendations and actionable insights to senior management and stakeholders.Collaborates with cross-functional teams including IT, legal, compliance and liaises with law enforcement and other external entities to address findings and implement corrective action.Develops innovative approaches and solutions, including use of data analytics, Agile methodology, and automation to improve overall effectiveness and value of the controls testing team.Ensures compliance with applicable security policies and standards.Stays updated on latest cybersecurity threats, vulnerabilities, and testing techniques, contributing to the enhancement of cybersecurity practices within the organization.Provides professional advice – takes a lead role of process or program executionIs accountable for own work and contributes to setting standards through expertise in own job discipline that impact others’ deliverablesWork is guided by cascaded policies or business plansMay lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interestsRequired Qualifications:Knowledge of IT security controls and technologies, IT systems and networks, security testing, security policies, standards, and regulationsExperience performing compliance and control testing assessmentsKnowledge of frameworks such as NIST CSF, ISO 27001 and CIS Top 20 ControlsProficiency in understanding operating systems (Windows, Linux, Unix), network protocols, and cybersecurity frameworksUnderstanding of cloud computing security principles and leading practicesUnderstanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organizationKnowledge of data privacy laws, data security issues, encryption techniques, data classification, and data loss prevention mechanismSkills:CybersecuritySecurity ComplianceIT ControlsIT AuditIT Regulatory ComplianceRisk AssessmentControl TestingWhen you join our team: We’ll empower you to learn and grow the career you want. We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words. As part of our global team, we’ll support you in shaping the future you want to see.About Manulife and John HancockManulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit .Manulife is an Equal Opportunity EmployerAt Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact .Working ArrangementHybrid