Information Security Specialist

An Information Security Specialist focusing on project risk assessment and audit is responsible for evaluating potential security risks associated with new and ongoing projects. This specialist conducts thorough risk assessments to identify vulnerabilities and recommends mitigation strategies to safeguard sensitive data and systems.

Position Responsibilities:

• Continuously evaluate and communicate information security, data privacy, and compliance risks through Information Risk Assessments on applications and projects.
• Perform periodic identity and access management reviews.
• Develop and deliver information risk/security/privacy awareness and compliance training programs.
• Develop, refine, and implement company-wide security policies, procedures, and standards to meet compliance responsibilities.
• Work with auditors, operations teams, and project delivery teams to conduct key risk audits.
• Monitor compliance with security policies, standards, guidelines, and procedures.
• Report to management findings concerning residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
• Lead and review security risk assessments for third-party software development teams use or embedded in project deliverables.
• Provide information risk/security support for development projects to ensure that security issues detected by security testing tools are addressed throughout the software development life cycle.
• Participate actively in security investigations and internal compliance reviews.

Individual Accountabilities:
• Perform Project Information Risk Assessment
• Perform NIST Cyber Maturity Assessment
• POC for Internal and External Audit
• Risk and Control Self-Assessment
• Control Test Engagements
• Vendor Risk Assessment

Key Shared Accountabilities:
• Reporting of various assessment results
• Identification of risk treatment and mitigation strategies
• Escalating to various stakeholders, which includes executives

Required Qualifications:

• University graduate with a minimum of 5 years of experience or more in related technology risk or information security.
• Working knowledge of security issues, techniques, and remediation across computer platforms.
• Experience in the following security domains:
o Risk and Control Assessment
o Identity and Access Management
o Asset Management and Security
o Security Operations
o Application security
o ISO 27000 ISMS implementation or audit (optional)
• Exposure to IT control testing, web application development and/or systems administration is a plus.
• Strong interpersonal skills, including sensitivity and professionalism when communicating across geographical and cultural boundaries.
• Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment.
• Strong stakeholder and people management skills; able to effectively articulate technical vision, possibilities, and outcomes through strong verbal and written communication.
• Strong technology background and risk management sense and understanding of how they can impact the business.
• Strong analytical skills, teamwork capability, and ability to work independently.

• Good interpersonal communication, management, and presentation skills
• A team player who can interact with other control functions on project delivery.
• Security certifications like CC, Sec+, CISA is a plus.

When you join our team:

• We’ll empower you to learn and grow the career you want.

• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

• As part of our global team, we’ll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].

Working Arrangement