Information Risk Management Consultant

  • As a senior member of GBRS Risk Management IT Controls, Audit, and Compliance team, you will support and drive On Site Audits, respond to client security assessments, participate in client calls regarding Manulife security and take part in Security and Compliance activities within the GBRS business unit.

  • You will oversee and collaborate with the MBPS team based in Manila.

  • This role reports directly to the GBRS Commercial Office’s Director within Canadian Division.

Job duties include:

  • Respond to client security assessments/questionnaires in a timely and accurate manner, including self-assessment questionnaires, Client contract review, client onsite visits, client calls and external audit reports analysis.

  • Oversee and support our off-shore MBPS team in the execution of their duties.

  • Manage and drive the audit processes collaborating with Internal and External Audit teams and facilitating the collation of audit and compliance artifacts.

  • Ensure that internal audit points are cleared within the time dedications provided to Internal Audit.

  • Facilitate audit management reporting, management responses and monitor and report on audit response plans.

  • Provide Controls, Audit, and Compliance consulting support for Program(s) and Program teams and initiatives.

  • Consult, providing expert and standard methodology advice to the business unit on information security, compliance and controls requirements.

  • Assess compliance and drive remediation/alignment with Security Policies, Standards and Procedures.

  • Manage and drive assurance assessments, audits and reports, such as SOC 1 Type II and SOC 2 Type II, Financial Statement Audit, Sarbanes Oxley, and Regulators.

  • Work with the business unit to help define and improve Operational Information Security practices and controls.

  • Champion the IT Audit, Security and Compliance profession.

  • Train and mentor team members and partners in IT Audit, Compliance and operational standard methodologies.

Experience and Qualifications

  • 5 years of relevant information security controls and information technology audit and compliance experience.
  • Proven experience in assessing security questionnaires and IT security contracts.
  • Experience with SOC2 Type 2 readiness initiatives and audit coordination.
  • Familiarity with Group Benefits or Retirement Solution.
  • Familiar with IT General Controls as defined in GAAPs.
  • Familiarity with Industry frameworks such as NIST, ISO, COBIT5, and CSA.
  • Post-secondary diploma or degree in computer science fields of study is preferred.
  • Professional certification(s) related to information controls, audit or compliance such as CISSP, CRISC, CISM, CISA, GIAC are preferred. A willingness to obtain is required.
  • Exceptional written and oral communication skills; working knowledge of French is considered an asset.


  • Strong presentation and interpersonal skills.
  • High level of professionalism, integrity, and ethics.
  • Ability to analyze and synthesize information and complex issues to develop meaningful analyses to help make informed decisions.
  • Ability to analyze and form an opinion on risks and controls relating to systems and link to associated business impacts.
  • Readily voices opinions (supported by facts), brings up issues and ideas, and is able to positively manage conflict.
  • Can perform tasks independently, yet capable of working within a team environment.
  • Ability to design and implement new processes and build efficiencies.
  • Focused on helping business units achieve their objectives; understands that Information Security must enable the business.
  • Ability to work in a dynamic, evolving and growing environment.
  • Proven time management and organizational skills required to meet tight deadlines.
  • Strong computer skills (Excel, Word and PowerPoint).
  • Strong work ethic and able to work under pressure and perform under tight deadlines.
  • Strong time management and organizational skills with attention to detail.
  • Get-it-done attitude.


We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.