Director, Cyber Security Risk Oversight – Global Risk

***Nous utilisons des*

*pour fournir des statistiques qui nous aident à vous offrir la meilleure expérience sur note site. Vous y trouverez des renseignements sur les témoins, ou vous pouvez les désactiver si vous préférez. Toutefois, en continuant d’utiliser le site sans modifier les paramètres, vous consentez à notre utilisation de***Director, Cyber Security Risk Oversight – Global Risk page is loaded## Director, Cyber Security Risk Oversight – Global Risklocations:

Waterloo, Ontario:

Toronto, Ontario:

Halifax, Nova Scotiatime type:

Temps pleinposted on:

Publié aujourd'huitime left to apply:

Date de fin : 21 octobre 2025 (Il reste 13 jours pour postuler)job requisition id:

JR25091625Manulife is seeking a strategic and experienced Director, Cybersecurity Risk Oversight, as a Line 2 leadership role responsible for independent oversight, challenge, and governance of enterprise systems. Reporting to the AVP Information Security, this position will participate in the design and execution of a fit-for purpose risk oversight framework to ensure that technology solutions align with enterprise risk appetite, regulatory expectations, and secure software development best practices. The role will act as a strategic advisor across multiple cyber security risk domains including identity and access management, cloud security and data security.**Key Responsibilities:****Independent Oversight:*** Lead the independent oversight of cybersecurity risks, ensuring robust alignment with Manulife’s standards and strategic objectives. Provide expert guidance to uphold the integrity of the cybersecurity framework.* Collaborate with multidisciplinary teams to gain a comprehensive understanding of Manulife’s technology strategy, operations, and regulatory environment. Proactively identify and assess areas of emerging and heightened risk related to information and cybersecurity.* Evolve and enhance Line 2 oversight frameworks to effectively manage and mitigate risks associated with information and cybersecurity, ensuring these frameworks remain agile and responsive to new challenges.* Oversee Line 1 risk, compliance, and operational metrics, and actively participate in the development and maintenance of Line 2’s information and cybersecurity risk measurement programs. Ensure these metrics are comprehensive and support strategic risk management initiatives.**Cyber & Technology Risk Assessment:*** Conduct comprehensive and in-depth assessments of technology programs, particularly those with third-party dependencies, to ensure the safeguarding of organizational assets. Utilize advanced risk assessment methodologies to identify vulnerabilities and implement effective mitigation strategies.* Execute independent and objective challenges to existing cybersecurity measures across critical risk domains, including Identity & Access Management, Cloud Security, Network Security and Data Security. Ensure these challenges rigorously test the effectiveness and resilience of current risk management practices.* Maintain a forward-looking approach by continuously monitoring emerging risks and active threats in the cybersecurity landscape. Integrate these insights into assessments to enhance preparedness and adaptability to new challenges.* Provide unbiased and evidence-based oversight to ensure that risk assessments not only meet regulatory requirements but also align with Manulife's strategic objectives and risk appetite, fostering continuous improvement in the organization's cybersecurity posture.**Standards and Policy Framework Development:*** Lead the research, development, and continuous enhancement of Manulife’s internal technology and cyber policies and standards. Ensure these policies are not only aligned with industry best practices but are also responsive to active threats, anticipate emerging risks, and adapt to evolving regulatory environments.* Develop a dynamic and comprehensive policy framework that fosters organizational resilience and promotes a proactive security culture. This framework should empower the organization to preemptively address vulnerabilities and remain agile in the face of new challenges.* Collaborate with cross-functional teams to integrate insights from threat intelligence and risk assessments into policy development processes, ensuring a holistic approach to risk management that supports strategic business objectives.* Champion a culture of security awareness and compliance across the organization by effectively communicating policy changes and their implications, thus reinforcing the importance of cybersecurity at every level.**Cyber Risk Reporting & Strategy:*** Collaborate across first and second lines of defense to develop and report on Key Risk Indicators (KRIs).* Support leadership in preparing board-level cybersecurity materials, offering actionable insights on cyber and emerging risks, data security and operational resilience.**Key Qualifications:*** 7-10 years in cybersecurity or technology risk management and/or First Line cybersecurity operations* Experience with critical security risk domains such as cloud security, network security, identity and access management, and third-party security* Commitment to continuous learning of cybersecurity risks, threat landscape, and best practices, with a focus on effective and efficient governance and oversight* Experience in developing enterprise policies & standards, conducting risk assessments, and a strong understanding of common risk frameworks, such as NIST Cybersecurity Framework and 800-53, ISO 27001/27002, and PCI DSS 4.0* Ability to work cross-functionally, aligning risk management with broader business strategies* Excellent verbal and written communication skills, with a focus on technical writing. Must be able to effectively convey complex risk concepts and insights to senior leadership and business collaborators. Skilled in crafting clear and concise reports, presentations, and documentation to facilitate informed decision-making* Expertise in engaging with diverse collaborators to integrate their feedback into risk management practices* Ability to effectively manage crises related to cybersecurity risks, demonstrating resilience and adaptability* Keen interest in emerging technologies and innovations, with the ability to assess potential risks and opportunities**When you join our team:*** We’ll empower you to learn and grow the career you want.* We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.* As part of our global team, we’ll support you in shaping the future you want to see.**À propos de Manuvie et de John Hancock**La Société Financière Manuvie est un chef de file mondial des services financiers qui aide les gens à prendre leurs décisions plus facilement et à vivre mieux. Pour en apprendre plus à notre sujet, rendez vous à l’adresse .**Manuvie est un employeur qui souscrit au principe de l’égalité d’accès à l’emploi**Chez Manulife/John Hancock nous valorisons notre diversité. Nous nous efforçons d’attirer, de perfectionner et de maintenir une main d'oeuvre qui est aussi diversifiée que nos clients, et de favoriser la création d’un milieu de travail inclusif qui met à profit la diversité de nos employés et les compétences de chacun. Nous nous engageons à assurer un recrutement, une fidélisation, une promotion et une rémunération équitables, et nous administrons toutes nos pratiques et tous nos programmes sans discrimination en raison de la race, de l’ascendance, du lieu d’origine, de la couleur, de l’origine ethnique, de la citoyenneté, de la religion ou des croyances ou des convictions religieuses, du genre (y compris grossesse et affection liée à une grossesse), de l’orientation sexuelle, des caractéristiques génétiques, du statut d’ancien combattant, de l’identité de genre, de l’expression de genre, de l’âge, de l’état matrimonial, de #J-18808-Ljbffr