Director, Risk Assessment Modernization

Overview Join our Global Technology Governance & Control team Governance & Control (G&C) is the first line of defence in our organization, focused on managing and mitigating risk. We partner with leadership to develop risk culture, define strategy, and deliver the tools, insights, and expertise needed to make confident, risk-aware decisions. Our work supports the broader Technology and Enterprise strategies — and we’re transforming Position Responsibilities Collaborating with our AVP, you’ll be at the center of crafting how we manage risk throughout the Global Technology area. You will set the vision and lead the design of risk assessment strategies across the teams.

Your role

is pivotal in driving innovation, efficiency, organizational resilience, regulatory compliance, and cybersecurity maturity. Your work will be dynamic, strategic, and future-focused.

Responsibilities

– Snapshot Of Your Impact Automation‑First Governance Strategy — Lead the vision and execution of automation‑enabled digital security and information systems governance. Build and modernize frameworks that embed AI, analytics, and workflow automation into evaluating and managing risks, oversight of controls, and regulatory compliance activities — while ensuring alignment with global regulatory requirements and industry common practice (e.g., NIST, ISO 27001, GDPR, PCI DSS, SOX, OSFI, SEC, FINRA, DORA, NYDFS, CPRA, FFIEC). Advisor on Control Automation & Intelligent Risk Detection — Serve as the senior advisor on opportunities to digitize, instrument, and automate technology and cybersecurity controls. Provide expert guidance on emerging technologies, continuous control monitoring, predictive risk signals, and automated issue detection.

Technology-Based Risk Assessment & Process Modernization — Identify, evaluate, and deploy AI and automation capabilities to streamline and enhance risk identification, assessment, testing, and reporting. Champion the shift from manual, point‑in‑time processes to automated, real‑time, data‑based oversight. Regulatory Intelligence with Automated Impact Analysis — Monitor global regulatory developments and lead the automation of regulatory mapping, impact assessments, and control‑to‑regulation traceability. Translate complex, evolving requirements across North America, EU, UK, and Asia-Pacific into digital action plans and automated compliance workflows.

Digital Compliance Program Management — Lead all aspects of compliance programs, focusing on automation. This includes digitized evidence collection, automated audit preparation, and software-generated reporting for regulators, committees, and boards. Reduce manual burden through scalable, repeatable technology solutions. Risk Taxonomy & Methodology Modernization — Own the evolution of risk and control methodologies, embedding automation, standardization, and data-driven scoring.

Ensure consistent global application and enable system-enforced governance across teams and regions. Lead Communities of Practice — Establish and guide communities that promote risk management guidelines across the Technology Function. Develop training, publish reusable patterns, and track adoption and performance improvements. Automated Reporting & Insights — Drive the development of automated dashboards, scorecards, and trend analyses for individual risk programs.

Deliver real-time insights that improve decision-making, highlight emerging risks, and track compliance posture with minimal manual intervention. A Global Automation Ambassador — Represent the function in global forums, leadership meetings, conferences, and strategic workgroups. Advocate for technology-enabled governance, share insights on digital risk trends, and influence global strategy. Keep Us On Track — Contribute to weekly and monthly reporting — scorecards, dashboards, trackers, summaries.

Required Qualifications A tech-forward and regulation-savvy leader proficient in automation. Ability to modernize global technology risk and compliance programs with machine intelligence, data insights, and digital workflows. Influence senior leadership and lead large-scale organizational change. Minimum 10+ years of progressive experience in technology risk, cybersecurity, information security, operational risk, business resiliency, or audit within large global enterprises.

Strong academic and professional foundation, including relevant degrees (Computer Science, Information Security, Business, etc.) and certifications such as CISSP, CISM, CRISC, or CPA. Expertise in risk and control frameworks, including hands‑on use of GRC platforms (Archer preferred), solid command of control standards, and depth in risk assessment, control testing, scoring methodologies, and taxonomy modernization. Advanced automation and AI capability, including workflow tools, RPA, orchestration, control digitization, and the deployment of AI/ML for continuous monitoring, predictive analytics, automated reporting, and real‑time oversight. Proven leadership delivering large‑scale transformation, including modernization initiatives, new tooling, automation programs, and organization‑wide adoption.

Strong analytical and reporting skills, with proficiency in dashboards, scorecards, critical metrics, BI/analytics tools (Power BI, Tableau), and converting data into actionable insights for senior leadership. When You Join Our Team We’ll empower you to learn and grow the career you want. We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words. As part of our global team, we’ll support you in shaping the future you want to see.

About Manulife And John Hancock Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit Manulife is an Equal Opportunity Employer At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact Salary/Location Details Referenced Salary Location Toronto, Ontario.

Working Arrangement Hybrid.

Salary

range is expected to be between $113,260.00 CAD - $210,340.00 CAD. If you are applying for this role outside of the primary location, please contact for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. #J-18808-Ljbffr