_The_ **_Information Security Manager_** _evaluates technology environments through control testing, compliance assessments, identifies key gaps and recommends actions for remediation. Partners with other teams for cybersecurity controls assessment and tests effectiveness of cybersecurity controls ensuring that systems and processes meet industry standards and regulatory requirements._ **Position Responsibilities:** + Plans, conducts and manages cybersecurity and technology controls testing, compliance assessments including IT systems and processes for design and operating effectiveness. + Develops and maintains test procedures and plans for IT Security Controls, ensuring alignment with key objectives, industry standards and regulatory requirements. + Evaluates the organization’s compliance with preferred cybersecurity frameworks. + Performs control testing, security assessments, and risk analysis on systems, applications, and network infrastructure to identify potential weaknesses and security gaps. + Analyzes test results, identifies security control deficiencies, and recommends solutions to resolve identified issues. + Partners with operations and IT teams to ensure that all IT security controls are adequately tested and implemented. + Tracks security issues/risks, prepares comprehensive reports outlining findings, recommendations and actionable insights to senior management and stakeholders. + Collaborates with cross-functional teams including IT, legal, compliance and liaises with law enforcement and other external entities to address findings and implement corrective action. + Develops innovative approaches and solutions, including use of data analytics, Agile methodology, and automation to improve overall effectiveness and value of the controls testing team. + Ensures compliance with applicable security policies and standards. + Stays updated on latest cybersecurity threats, vulnerabilities, and testing techniques, contributing to the enhancement of cybersecurity practices within the organization. + Provides professional advice – takes a lead role of process or program execution + Is accountable for own work and contributes to setting standards through expertise in own job discipline that impact others’ deliverables + Work is guided by cascaded policies or business plans + May lead medium to large size projects or work streams with moderate resource requirements, risk and/or complexity with multiple teams representing different interests **Required Qualifications:** + Knowledge of IT security controls and technologies, IT systems and networks, security testing, security policies, standards, and regulations + Experience performing compliance and control testing assessments + Knowledge of frameworks such as NIST CSF, ISO 27001 and CIS Top 20 Controls + Proficiency in understanding operating systems (Windows, Linux, Unix), network protocols, and cybersecurity frameworks + Understanding of cloud computing security principles and leading practices + Understanding of legal and regulatory requirements related to cybersecurity, privacy, and data protection laws relevant to the organization + Knowledge of data privacy laws, data security issues, encryption techniques, data classification, and data loss prevention mechanism **Skills:** + Cybersecurity + Security Compliance + IT Controls + IT Audit + IT Regulatory Compliance + Risk Assessment + Control Testing **When you join our team:** + We’ll empower you to learn and grow the career you want. + We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words. + As part of our global team, we’ll support you in shaping the future you want to see. **Acerca de Manulife y John Hancock** Manulife Financial Corporation es un importante proveedor internacional de servicios financieros que ayuda a las personas a tomar decisiones de una manera más fácil y a vivir mejor. Para obtener más información acerca de nosotros, visite http://www.manulife.com . **Manulife es un empleador que ofrece igualdad de oportunidades** En Manulife/John Hancock, valoramos nuestra diversidad. Nos esforzamos por atraer, formar y retener una fuerza laboral tan diversa como los clientes a los que prestamos servicios, y para fomentar un entorno laboral inclusivo en el que se aprovechen las fortalezas de las culturas y las personas. Estamos comprometidos con la equidad en las contrataciones, la retención de talento, el ascenso y la remuneración, y administramos todas nuestras prácticas y programas sin discriminación por motivos de raza, ascendencia, lugar de origen, color, origen étnico, ciudadanía, religión o creencias religiosas, credo, sexo (incluyendo el embarazo y las afecciones relacionadas con este), orientación sexual, características genéticas, condición de veterano, identidad de género, expresión de género, edad, estado civil, estatus familiar, discapacidad, o cualquier otro aspecto protegido por la ley vigente. Nuestra prioridad es eliminar las barreras para garantizar la igualdad de acceso al empleo. Un representante de Recursos Humanos trabajará con los solicitantes que requieran una adaptación razonable durante el proceso de solicitud. Toda la información que se haya compartido durante el proceso de solicitud de adaptación se almacenará y utilizará de manera congruente con las leyes y las políticas de Manulife/John Hancock correspondientes. Para solicitar una adaptación razonable en el proceso de solicitud, envíenos un mensaje a recruitment@manulife.com . **Modalidades de Trabajo** Híbrido