Information Assurance Technical Consultant

Job Description

General Accountability:

The Global Information Risk Management, Global Functions Assurance team is actively searching for an experienced Information Assurance Technical Consultant.

This is a 2nd line of defense Information Risk Management role. The incumbent will assist the Director by providing technical subject matter expertise to support various activities associated with the Information Assurance Program, with a focus on understanding and identifying information security risks associated with technical controls, system design and architecture.  This will involve collaboration and partnership with 1st line of defense IT Governance, IT Teams, 2nd line Controls Assurance team and 2nd line Center of Excellence teams.

The incumbent will work with different service areas within Global Functions and Enterprise Technology & Services (ETS) to understand the technology used within the platforms and applications that support products, capabilities and services which those service areas manage.  The structure of the work will involve working with 2nd Line Segment Controls Assurance team to review control design, adhoc 2nd Line Investigatory Case Work, providing input on risk ratings and risk treatments, and participating in challenging 1st Line risk assessment work.

You’ll be part of the wider IRM and Group Risk community. You’ll join a world-class company known for its commitment to diversity, community involvement and work-life balance via the WorkSmart program that sees 20% of Manulife’s North American employees working from home.                                                                        

Responsibilities:

As an Information Assurance Technical Consultant, you will be working with specific service areas within Global Functions and ETS with the following responsibilities:

  • Build a wide understanding of the technology used by the service areas which includes the platforms and applications that support products, capabilities and services.
  • Assist with 2nd Line Information Risk challenge activities for Significant Projects and Risk & Control Assessments.
  • Collaborate as necessary with 2nd Line Segment Controls Assurance team on the creation and review of narratives, control documentation and control design.
  • Collaborate with 2nd Line Segment Controls Assurance team on the prioritization of controls testing activities to focus on the high-risk areas.
  • Conduct risk review and root cause analysis of control testing failures in collaboration with 1st line teams.
  • Conduct risk review as necessary for control exception requests in collaboration with 1st line teams.
  • Take on additional responsibilities as necessary.

Knowledge/Skills/Competencies/Education:

  • 5 years or more of progressive information risk management experience in one or more disciplines:  project/vendor risk assessment, network security, infrastructure/platform security, data/application security, vulnerability/patch management, IT auditing, IT risk and control assessments, and business continuity/disaster recovery planning.
  • Strong understanding of web and mobile application architecture and development principles
  • Knowledge of application security best practices such as secure coding, security testing techniques
  • Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
  • Working knowledge and experience in the following areas is a plus:
    • Security architecture and controls in various infrastructure platforms (i.e. hosting networking, end user technology, cloud computing including Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)).
    • Security systems such as privilege management system, SIEM/big data solution for security monitoring, NAC, vulnerability management solution and operating model, PKI/Encryption technology, APT solutions (FireEye, zScaler), Firewall/IPS, WAF etc.
    • Configuration Management Technologies (i.e. Ansible, Chef, Puppet), Infrastructure Automation Technologies (i.e. Terraform), Build Automation Technologies (i.e. Jenkins, Concourse), Containerization & Cloud Orchestration Technologies (i.e. Cloud Foundry, Kubernetes, Docker)
  • Professional certification or designation in information security, IT auditing, business continuity and/or disaster recovery a plus, but not a requirement.
  • Post-secondary diploma or degree in computer science fields of study is preferred.
  • Excellent communication skills (oral and written) including presentation skills with demonstrated ability to present at all organizational levels.
  • Ability to work independently and as part of a team, managing multiple priorities across several service areas.
  • Innovative problem-solving skills with proven ability to exercise flexibility and judgement.
  • Ability to learn, know and act upon what is important to Manulife and the specific service areas you support.
  • Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
  • Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
  • Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment.
  • Previous experience in the Financial, Insurance or Healthcare sectors considered an asset.

                                                                                                                                                                       
If you are ready to unleash your potential it’s time to start your career with Manulife/John Hancock.

About Manulife

Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of March 31, 2019, we had over $1.1 trillion (US$849 billion) in assets under management and administration, and in the previous 12 months we made $29.4 billion in payments to our customers.

Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Manulife is committed to supporting a culture of diversity and accessibility across the organization.   It is our priority to remove barriers to provide equal access to employment.  A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request an accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.

 

*Please apply here: https://manulife.wd3.myworkdayjobs.com/MFCJH_Jobs/job/Waterloo-Ontario/Information-Assurance-Technical-Consultant_JobReq0384313