Information Risk Manager

Job Description

Manulife is seeking a Manager, Information Risk Management to lead the execution of independent second line challenge and oversight activities across technology, data, and operational risk. Reporting to Director, IRM, IRO, this role provides analysis, challenge, and governance scrutiny to ensure first line risk practices meet Manulife's risk appetite, standards, and regulatory expectations.

The Manager provides expert-level independent oversight (not operational ownership) across:

Key Responsibilities:

• Perform deep‑dive reviews of RCSAs across technology, data, and operations.
• Challenge the accuracy of risk identification, inherent/residual ratings, and control assertions.
• Identify under‑assessed risks, inadequate controls, or inconsistencies across assessments.

• Challenge first‑line due diligence results, inherent risk scoring, and compensating controls.
• Evaluate adequacy of vendor oversight for cloud, SaaS, critical providers, and high‑risk technology services.
• Provide second‑line opinion on residual risk and required mitigation.

• Review major programs, platform changes, and technology transformations for risk impact.
• Challenge assumptions around control design, architecture changes, and implementation risk.
• Assess adequacy of first‑line mitigation plans for risks introduced by new solutions.

• Review incident documentation, severity classification, and root‑cause analysis.
• Challenge the completeness of event investigations and recurrence prevention plans.
• Identify thematic trends across events for reporting to senior leadership.

• Challenge the validity and appropriateness of first‑line risk acceptances.
• Evaluate corrective action plans for feasibility, urgency, and expected risk reduction.
• Validate CAP closure evidence from a second‑line perspective.

• Independently review business continuity plans, disaster recovery testing outcomes, and resilience maturity.
• Challenge critical operations classification, recovery objectives, and testing sufficiency.
• Identify gaps requiring escalation or thematic risk reporting.

• Conduct advanced analysis of enterprise risk datasets (issues, events, assessments, controls, testing).
• Identify emerging risk themes, systemic control weaknesses, or concentration risk.
• Produce decision‑grade risk intelligence and oversight insights for Directors, AVPs, and executives.
• Support the development of consolidated second‑line opinions for senior governance forums.

• Leverage Generative and Agentic AI to enhance oversight efficiency, evidence review, and thematic analysis.
• Support adoption of automated workflows, continuous monitoring, and AI‑based risk detection.
• Assess the reliability and explainability of AI‑generated insights used for second‑line challenge.
• Identify opportunities to increase automation maturity within risk oversight processes.

• Serve as a trusted advisor to directors, AVPs, first‑line technology leaders, and centers of excellence.
• Communicate second‑line challenge outcomes with clarity, evidence, and constructive business engagement.
• Influence senior stakeholders while maintaining second‑line independence and objectivity.
• Represent second‑line viewpoints in assessments, risk discussions, and governance forums.

• 6–10+ years of experience in Information Risk, Technology Risk, Cyber Risk, GRC, or Operational Risk.
• Experience performing independent second‑line oversight or audit-style review activities.
• Strong understanding of technology, data, cloud, infrastructure, and operational resilience risks.
• Ability to evaluate complex risk scenarios and form well‑supported second‑line opinions.
• Experience with risk programs (RCSA, third‑party risk, issues, incidents, BC/DR, change risk).
• Familiarity with GRC platforms such as Archer, ServiceNow, or Fusion.
• Knowledge of regulatory frameworks and standards (ISO, NIST, COBIT, CSA/CCM, OSFI, etc.).
• Exposure to Generative AI, Agentic AI, automation tools, or continuous monitoring technologies.

• Cafeteria, Joining goodies, Maternity leaves, Annual leaves, Rewards & recognition, Course reimbursements, Professional degree assistance, Stock options, Health & insurance, Life insurance, Mental health wellbeing