We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.
Working Arrangement
Hybrid
Job Description
The opportunity
Job Description
We are seeking a dedicated Information Security and Risk Analyst to join Enterprise Technology & Services team. This is a 1st line of defense IT Governance role in which the incumbent will enable businesses and IT partners to recognize and handle their cyber and information security risks in a vibrant business environment.
You will be part of the team which will work with different service areas within ETS and serve as a trusted partner and domain expert to the business and help them protect their information assets. Participate in critical global projects and initiatives to ensure Information risk is always appropriately managed, perform security risk assessments and consulting on various projects & implementation of tools or services. Work closely with infrastructure, development, application teams on implementation of security controls to ensure the integrity of information security policies, procedures and standards; also report to senior management on the efficiency of such controls.
Responsibilities:
- Assist project teams with identifying and validating security requirements or leading the completion of information risk assessments.
- Performing in-depth risk assessments on projects from technical security perspective to ensure that the security safeguards and controls are in-line with Manulife Security policy and standards.
- Providing input and recommendations to the ETS Service Areas on information security requirements and standard methodologies.
- Assisting with security incident investigations & service provider threat notifications.
- Support other operational security activities including oversight of ongoing security processes (e.g., incident response, ad hoc queries, periodic access reviews and vulnerability management)
- Working with the ETS Service Areas on Go Live Acceptance Reviews for new infrastructure & services associated with that.
- Reporting on security metrics and compliance with company policies/standards.
- Assist with other information risk management tasks as required.
- Assist with RCSA IT Controls Testing as required.
What motivates you
- You obsess about customers, listen, engage and act for their benefit.
- You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.
- You thrive in teams and enjoy getting things done together.
- You take ownership and build solutions, focusing on what matters.
- You do what is right, work with integrity and speak up.
- You share your humanity, helping us build a diverse and inclusive work environment for everyone.
What We Are Looking For
- 2 to 5 years of relevant information security and information risk management experience.
- Professional certification(s) related to information security or information risk management such as CISSP, CCSP, CRISC, CISM, CISA, GIAC are preferred.
- Solid understanding and experience in the following areas:
- Security architecture and controls in various infrastructure platforms (i.e. Windows, Unix, RH Linux, Virtual hosting, networking, end user technology, cloud computing including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS)).
- Security systems such as privilege management system, SIEM/big data solution for security monitoring, NAC, vulnerability management solution and operating model, PKI/Encryption technology, APT solutions (FireEye, Z-scaler), Firewall/IPS, WAF etc.
- Knowledge of application security standard methodologies such as secure coding, security testing techniques
- Knowledge of OWASP, SANS, NIST, ISO or other security-related frameworks and penetration testing methodologies
- Working experience with Cloud platforms such as Azure, AWS or GCP
- Windows and related services (i.e. Active Directory, DNS, IIS, MSSQL), Active Directory Federated Services and Protocols (i.e. ADFS, SAML)
- Collaboration and messaging platforms (i.e. Office 365, SharePoint)
- Mobile Devices along with Mobile Device Management / Mobile Application Management Platforms and Services (i.e. InTune)
- Validated ability to establish relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors
- Experience implementing and/or supporting a large-scale corporate enterprise solution.
Nice To Have
- Experience with FAIR or comparable quantitative risk management frameworks is a plus
Attributes
- Passionate about helping ETS Service Areas work towards their goals; understands that Information Security must enable the business.
- Strong written and verbal communication and effective negotiation skills.
- Deep technical skills and background with the ability to easily develop strong working capabilities with new technologies and the related security implications.
- Influences others across the organization to accomplish their objectives.
- Works independently and takes initiative.
- Proactive
- Handles conflict well and always maintains integrity.
- Takes ownership for their objectives and ensures they are achieved.
- Functions well as part of a distributed team.
- Strong analytical skills.
- Ability to step back for cross-organization context or to adjust to specific, detailed technology and/or risk review.
What can we offer you
- A competitive salary and benefits packages.
- A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.
- A focus on growing your career path with us.
- Flexible work policies and strong work-life balance.
- Professional development and leadership opportunities.
Our commitment to you
- Values-first culture We lead with our Values every day and bring them to life together.
- Boundless opportunity We create opportunities to learn and grow at every stage of your career.
- Continuous innovation We invite you to help redefine the future of financial services.
- Delivering the promise of Diversity, Equity and Inclusion We foster an inclusive workplace where everyone thrives.
- Championing Corporate Citizenship We build a business that benefits all stakeholders and has a positive social and environmental impact.
About Manulife And John Hancock
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as MFC on the Toronto, New York, and the Philippine stock exchanges, and under 945 in Hong Kong.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [Confidential Information].