Director of Strategy - Information Security & Risk Management

This role offers an exceptional opportunity to lead and shape our information security and risk management strategies as the Director of Strategy for Information Security & Risk Management. Reporting to the Information Security and Risk Management Officer, you will collaborate with the Global Risk and Security team to align cybersecurity plans with organizational priorities, enhance security initiatives, and coordinate cross-team activities. Your expertise will be pivotal in maturing all aspects of our security portfolio, ensuring compliance, and driving continuous improvement in our security practices. In return, you will benefit from professional growth opportunities, a supportive work environment, and the chance to make a significant impact on our security posture.

Position Responsibilities:

• Collaborate in developing and implementing comprehensive information risk management and security strategies.
• Assist in the development and integration of security policies, standards, and procedures across the organization ensuring compliance with relevant regulations.
• Support in managing information security risk and in implementing global cybersecurity initiatives.
• Develop a roadmap for sustainable information risk metrics and implement internal best practices for strategy and continuous improvement.
• Mature technical service offerings such as risk assessments, threat modeling, application security and compliance & regulatory programs.
• Collaborate with Technology Leaders to ensure security integration into business processes and operations, and ensure KRIs achieve target goals and remain within established risk thresholds.
• Provide vision and leadership to manage information security risk, ensuring business alignment and effective governance.
• Support the response to information security incidents and breaches.
• Prepare and present reports on information security to senior management.
• Assist in coaching, mentorship, and support to team members in their professional development.

Required Qualifications:

• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Proven experience in information risk management and information security leadership roles.
• Strong understanding of information security frameworks, standards, and regulations (e.g., ISO 27001, NIST, SOC II, OSFI).
• Strong knowledge of security risk management practices including security architecture, vulnerability and patch management, application security, and cloud security.
• Experience in developing and implementing security strategies and policies.
• Strong problem-solving and decision-making skills.
• Superb communication and interpersonal skills.
• Industry-recognized certification (e.g., CISA, CRISC, CISM, CISSP) or equivalent certification is desirable.

Preferred Qualifications:

• Experience in the financial services industry.

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our team, you’ll have the opportunity to shape our security strategies and make a significant impact on our organization's security posture

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit our story.