Manager - Risk Management

Manulife Boston, MA 02298

Posted 4 weeks ago

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description

About Manulife

Manulife Financial Corporation ("Manulife") is a leading international financial services group that helps people make their decisions easier and lives better. The company provides financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.

The company is a Top 10 global life insurance company and a Top 20 global asset manager. The company operates primarily as John Hancock in the United States and as Manulife elsewhere. With its global headquarters in Toronto, Canada, Manulife trades as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Passionate about delighting its customers, creating value for its shareholders and building a world-class culture, Manulife's President & CEO Roy Gori, and the leadership team have established a bold ambition to transform Manulife into the most customer-centric, digital leader in the industry, setting out detailed plans against five strategic priorities to achieve this ambition.

For more details about our Mission, Strategic Priorities and Values, please follow the link below:

The Role: Manager - Risk Management

General Accountability:

Under the direction of the U.S. Segment Chief Risk Officer (CRO), the U.S. Risk Management team provides independent oversight of risk taking and risk mitigation activities across the U.S. Segment of Manulife, consisting primarily of John Hancock Insurance, John Hancock Advice, and the John Hancock Legacy businesses of Long-Term Care Insurance and Annuities. The Manager - Risk Management position is responsible for supporting the implementation of the company's Enterprise Risk Management Program with a focus on Operational Risk Management and reporting. The position requires pragmatic business judgment and leadership skills, technical subject matter expertise in operational risk, and solid communication and influencing skills with management. The incumbent will work closely with other functional areas.


  • Support the development, rollout and ongoing oversight of the risk management programs, controls, and key performance indicators of the U.S. Segment.

  • Contribute to building a strong, collaborative relationship with many partners, including project leads, first line of defense risk management, and business unit management, and provide ongoing operational risk advisory services.

  • Contribute to risk management reporting, education, and communication.

  • Produce and improve efficiencies of risk reports including: Quarterly Risk Outlook Report, various reports for Change Initiatives, and Incident reporting.


  • Supporting a wide variety of business partners

  • Tight reporting timelines with the materials going to a USLT and ELT level audience

  • Communicating and promoting sound risk management practices to staff with varying degrees of understanding of operational risk


  • Broad knowledge of financial services/insurance business and related products

  • Relevant experience in managing risk in a business or functional area

  • Preferred 3-5 years of experience in operational risk management or a highly related field which may include roles in operations management, finance, third party risk, fraud, legal, audit, compliance, risk consulting etc.

  • Excellent written and oral communication skills

  • Strong influencing skills with the ability to build effective relationships, at various levels of the organization

  • Technical skills to improve efficiencies and implement improvements in execution

  • Excellent analytical and problem-solving skills with ability to think strategically - an innovative mindset

  • Excellent collaborator and great teammate in an increasingly agile, project-structured work environment

  • Capable self-starter who takes initiative to solve problems and streamline processes

  • University undergraduate degree with a relevant professional designation preferred

Personal Attributes and Cultural Fit:

  • Inspires and motivates others

  • Role model of ethics and integrity who builds a culture of respect

  • Highly effective change agent who embraces change and leads change management

  • Provides courageous advice

  • Results oriented; highly focused on accountability

  • Ability to work on multiple projects

  • Demonstrates a commitment to delivering excellent service balanced with appropriate risk management

  • Strategic perspective

  • Highly collaborative working style


If you are ready to unleash your potential, it's time to start your career with Manulife/John Hancock.

About Manulife

Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2019, we had more than 35,000 employees, over 98,000 agents, and thousands of distribution partners, serving almost 30 million customers. As of December 31, 2019, we had $1.2 trillion (US$0.9 trillion) in assets under management and administration, and in the previous 12 months we made $29.7 billion in payments to our customers.

Our principal operations are in Asia, Canada and the United States where we have served customers for more than 100 years. We trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.
