Information Assurance Technical Consultant
The Manufacturers Life Insurance Company
Waterloo, ON CA
4d ago

Job Description :

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

General Accountability :

The Global Information Risk Management, Global Functions Assurance team is actively searching for an experienced Information Assurance Technical Consultant.

This is a 2nd line of defense Information Risk Management role. The incumbent will assist the Director by providing technical subject matter expertise to support various activities associated with the Information Assurance Program, with a focus on understanding and identifying information security risks associated with technical controls, system design and architecture.

This will involve collaboration and partnership with 1st line of defense IT Governance, IT Teams, 2nd line Controls Assurance team and 2nd line Center of Excellence teams.

The incumbent will work with different service areas within Global Functions and Enterprise Technology & Services (ETS) to understand the technology used within the platforms and applications that support products, capabilities and services which those service areas manage.

The structure of the work will involve working with the 2nd Line Segment Controls Assurance team to review control design, ad hoc 2nd Line Investigatory Case Work, providing input on risk ratings and risk treatments, and participating in challenging 1st Line risk assessment work.

You’ll be part of the wider IRM and Group Risk community. You’ll join a world-class company known for its commitment to diversity, community involvement and work-life balance via the WorkSmart program that sees 20% of Manulife’s North American employees working from home.

Responsibilities :

As an Information Assurance Technical Consultant, you will be working with specific service areas within Global Functions and ETS with the following responsibilities :

  • Build a wide understanding of the technology used by the service areas which includes the platforms and applications that support products, capabilities and services.
  • Assist with 2nd Line Information Risk challenge activities for Significant Projects and Risk & Control Assessments.
  • Collaborate as necessary with 2nd Line Segment Controls Assurance team on the creation and review of narratives, control documentation and control design.
  • Collaborate with 2nd Line Segment Controls Assurance team on the prioritization of controls testing activities to focus on the high-risk areas.
  • Conduct risk review and root cause analysis of control testing failures in collaboration with 1st line teams.
  • Conduct risk review as necessary for control exception requests in collaboration with 1st line teams.
  • Take on additional responsibilities as necessary.

Knowledge / Skills / Competencies / Education :

  • 5 years or more of progressive information risk management experience in one or more disciplines : project / vendor risk assessment, network security, infrastructure / platform security, data / application security, vulnerability / patch management, IT auditing, IT risk and control assessments, and business continuity / disaster recovery planning.
  • Strong understanding of web and mobile application architecture and development principles
  • Knowledge of application security best practices such as secure coding, security testing techniques
  • Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies
  • Working knowledge and experience in the following areas is a plus :

    Security architecture and controls in various infrastructure platforms (i.e. hosting networking, end user technology, cloud computing including Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)).

    Security systems such as privilege management system, SIEM / big data solution for security monitoring, NAC, vulnerability management solution and operating model, PKI / Encryption technology, APT solutions (FireEye, zScaler), Firewall / IPS, WAF etc.

    Configuration Management Technologies (i.e. Ansible, Chef, Puppet), Infrastructure Automation Technologies (i.e. Terraform), Build Automation Technologies (i.e. Jenkins, Concourse), Containerization & Cloud Orchestration Technologies (i.e. Cloud Foundry, Kubernetes, Docker)

  • Professional certification or designation in information security, IT auditing, business continuity and / or disaster recovery a plus, but not a requirement.
  • Post-secondary diploma or degree in computer science fields of study is preferred.
  • Excellent communication skills (oral and written) including presentation skills with demonstrated ability to present at all organizational levels.
  • Ability to work independently and as part of a team, managing multiple priorities across several service areas.
  • Innovative problem-solving skills with proven ability to exercise flexibility and judgement.
  • Ability to learn, know and act upon what is important to Manulife and the specific service areas you support.
  • Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
  • Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
  • Effective influencing and negotiation skills with the aptitude to achieve consensus in a federated environment.
  • Previous experience in the Financial, Insurance or Healthcare sectors considered an asset.