Full-Time Senior IT Auditor/Associate Manager–Infrastructure Security Audit
Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
Manulife’s Internal Audit team is looking for a seasoned Senior IT Auditor/Associate Manager for their Technology Infrastructure Security Audit team. The Senior Technology Auditor/Associate Manager will participate in execution of large, complex assurance reviews of all types (key risk audits, emerging risk reviews, consulting, SOX/MAR audits, policy and standard reviews, data analytics, program and project audits, investigations and other special projects) to deliver high quality, professional, cost-effective, value-added and risk-based audits.
The accountabilities includes developing and executing risk assessments and testing audit procedures over Information services, Information risk management, cybersecurity, digital transformations, Network Security, Data center security, Cloud security, Architecture reviews, Agile software development environments, DevOps and DevSecOps. The Senior Technology Auditor/Associate Manager will assist in audit planning; executing engagements to deliver on the audit plan and assist audit lead in reporting.
- Understand Information Technology control environment to assess and evaluate the effectiveness and efficiency of internal controls and operating practices;
- Support multiple simultaneous security audit projects to ensure time and quality objectives are met. Timely escalate potential budget over-runs and resourcing concerns to Engagement Lead;
- Execute audit projects to cover key risks and produce meaningful audit reports that clearly articulate the position on risks and related issues.
- Assist in performing assessments of technology processes, tools and technologies new to the company;
- Assist in the development of agendas, audit objectives and scope, test procedures, and requests lists;
- Clearly communicate potential issues and evaluate corrective action plans.
- Understanding or working knowledge of cybersecurity concepts, such as, Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Cyber Security etc.;
- Understanding or working knowledge of Network and Network Security concepts and tools, such as, Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing, red teaming etc.;
- Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools e.g. Qualys, Splunk, Netskope, Zscaler etc.;
- Working knowledge of other technology infrastructure concepts, processes and associated risks – such as, Active Directory, Operating System, On-premises Data Center etc.
Education, Experience & Skills:
- University degree in information systems, or other relevant degree, plus a security (CISSP, CEH and/or CISM) designations, with 3-5 years of relevant experience. CISA designation is desirable but not mandatory.
- Working knowledge or prior experience with information systems and operations used in the insurance industry and financial services industry will be beneficial;
- Experience analyzing complex data sets – Prior experience auditing various software development environments, including Agile;
- Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make value-added and practical recommendations;
- In depth knowledge of system development methodologies, cyber and network security processes and regulatory requirements;
- Results oriented with a keen focus on quality and delivering value; ability to balance multiple priorities and projects; strong attention to detail while retaining focus on the “big picture” and top risks; flexible and organized with the ability to oversee multiple projects concurrently
- Excellent influencing, and negotiation skills; professional presence, ability to navigate a matrix environment and influence across different areas and levels of management both in Audit Services and Technology
- Demonstrated ability to work effectively in diverse environments and cultures, over multiple office locations
- Ability to identify opportunities to utilize data analytics for enhanced depth and breadth of audit coverage
- Highest level of integrity accompanied by strong ethical principles
If you are ready to unleash your potential, it’s time to start your career with Manulife/John Hancock.
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States and Manulife elsewhere. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of June 30, 2019, we had over $1.1 trillion (US$877 billion) in assets under management and administration, and in the previous 12 months we made $29.4 billion in payments to our customers. Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. With our global headquarters in Toronto, Canada, we trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges and under ‘945’ in Hong Kong.
Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground. It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.