Director, Information Risk Management – Global Risk
Job Description
Manulife is seeking a Director, Information Risk Management, a Line 2 leadership role responsible for independent oversight, challenge, and governance of risks across Manulife’s global technology enterprise. This position will participate in the design and execution of a fit-for-purpose risk oversight framework to ensure that technology, data, and corporate function platforms are designed, operated, and evolved in alignment with Manulife’s risk appetite, regulatory obligations, and governance directives, while enabling speed, resilience, and innovation.
Position Responsibilities:
Independent Challenge & Oversight:
Provide credible, independent challenge to first-line technology and data leaders on risk design, control effectiveness, and residual risk exposure.
Assess and opine on the adequacy of technology, infrastructure, data, platform and application controls against internal standards, regulatory expectations, and industry best practices.
Ensure technology and data risks are clearly articulated, quantified where possible, and aligned to risk appetite.
Review and challenge material risk acceptances, control exceptions, and remediation plans.
Domain Level Challenge and Oversight:
Challenge operational resilience, capacity management, monitoring, patching, vulnerability, identity, and access control practices.
Oversight of risks related to cloud, on-prem infrastructure, networks, end-user computing, resilience, availability, disaster recovery, and third-party dependencies.
Ensure strong alignment between data governance, data risk, model risk, and information security.
Oversight of data risk across data platforms, analytics, AI/ML, data quality, lineage, privacy, and regulatory data obligations.
Oversight of technology risks supporting Finance, HR, Legal, Compliance, Risk, and Internal Audit systems.
Challenge risks associated with financial reporting technology, regulatory reporting, and corporate data.
Ability to stay abreast of new and emerging regulatory requirements as well as emerging and evolving risks.
GRC Workflow, Automation and Orchestration:
Drive adoption of workflow-based risk management, ensuring risks, controls, issues, exceptions, and attestations are consistent, adequate, reasonable and effective through standardized and automated practices that are traceable end-to-end.
Support the design of event-driven risk workflows integrating automated control monitoring mechanisms from source systems (e.g., CI/CD, Observability, Ticketing, Lakes, Warehouses) to reduce manual assessments.
Support the design of orchestration patterns that connect risk assessments, business continuity and disaster recovery, control testing, issue management, incident root cause analysis, vendor risk concurrences, regulatory obligations and audit and examination responses.
Provide unbiased and evidence-based oversight to ensure that risk assessments not only meet regulatory requirements but also align with Manulife's strategic objectives and risk appetite, fostering continuous improvement in the organization's cybersecurity posture.
Key Deliverables and Outcomes:
Clear, consistent second-line risk opinions across infrastructure, data, and corporate technology.
Reduced manual risk processes through workflow automation and orchestration.
Improved timeliness, quality, and transparency of technology and data risk reporting.
Strong regulatory confidence in Manulife’s technology risk governance model.
Demonstrable alignment between risk appetite, controls, and business outcomes.
Required Qualifications:
12+ years in Technology Risk, Information Risk Management, Cyber Risk, with 5+ years in a risk leadership or second-line oversight role.
Deep experience within financial services, insurance, or wealth management in a global context.
Proven ability to challenge senior technology and data leaders with credibility, capable of translating technical risks into business impact.
Experience leading or influencing globally distributed teams.
Demonstrated oversight of Infrastructure & Operations, Cloud and hybrid environments, Data platforms and analytics, and corporate enterprise applications.
Strong understanding of GRC workflows, including business goals, governance, risk management, controls, compliance, audit and assurance, and improvement.
Familiarity with GRC platforms (e.g. Archer, ServiceNow, Fusion).
Working knowledge of Global Regulatory Guidelines and Control frameworks (CSA STAR for AI, CCM, ISO, NIST, COBIT, COSO).
Bilingualism (English and French) is a strong asset. If the successful candidate is in Québec, proficiency in both languages will be required to support clients from various provinces outside of Quebec.
Preferred Qualifications:
Experience in applying engineering principles to risk management, exposure to automated control monitoring and evidence collection, and a background partnering closely with Operations and Platform teams.
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
The role being advertised is an existing vacancy.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].
Referenced Salary Location
Toronto, Ontario
Working Arrangement
Salary range is expected to be between $113,260.00 CAD - $210,340.00 CAD
Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. If you are applying for this role outside of the primary location, please contact [email protected] for the salary range for your location.
Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact [email protected] for more information about U.S.-specific paid time off provisions.
We use data and analytics technologies, such as artificial intelligence (AI), and automated processing tools, to analyze and process the information you provide to us or third parties in the application process. For more information, please refer to our personal information collection statement.