Associate Manager - Audit - Technology Infrastructure Security

Associate Manager - Audit - Technology Infrastructure Security at Manulife

Manulife’s Internal Audit team is seeking an Associate Manager for its Technology & Infrastructure Audit team. The Associate Manager will participate in planning, execution, and reporting for large, complex assurance reviews of all types (key risk audits, emerging risk reviews, program and project audits), to deliver high-quality, professional, cost-effective, valuable, and risk-based audits.

The main responsibility of the role consists of performing audits over areas such as Information Risk Management, Technology Governance, Cybersecurity, Network Security, Identity and Access Management, Data Center Security, Cloud Security, Architecture Reviews, and Business Continuity/Disaster Recovery.

This is a Hybrid opportunity in our Toronto Head office, where you will come into the office on Tuesday, Wednesday, and Thursday and can work from home on Monday and Friday.

Position Responsibilities

• Understand the Information Technology control environment to assess and evaluate the effectiveness and efficiency of internal controls and operating practices.
• Support multiple simultaneous audit projects to ensure time and quality objectives are met. Timely escalation of potential budget overruns and resourcing concerns to the Engagement Lead.
• Complete audit projects to cover key risks and contribute to the production of meaningful audit reports that clearly articulate the position on risks and related issues.
• Assist in performing assessments of technology processes, tools and technologies new to the company.
• Assist in the development of agendas, audit objectives and scope, test procedures, and request lists.
• Communicate potential issues and evaluate corrective action plans.
• Assist with various internal team/department initiatives.

Required Qualifications

• University degree in information systems, or other relevant degree, with 3-5 years of experience in a technology audit/risk management role.
• Understanding or working knowledge of cybersecurity concepts such as Security Operations (Vulnerability Management, DLP, SIEM etc.), Security Engineering (Cryptography, Cloud Security, Security Architecture etc.), Identity and Access Management etc.
• Understanding or working knowledge of Network and Network Security concepts and tools such as Network Access Controls, Intrusion Detection and Prevention, TACACS/Radius (Central authentication), Network Penetration Testing (e.g. red teaming) etc.
• Understanding or working knowledge of information security controls, infrastructure technology, technology governance and assessments, cybersecurity tools (e.g. Qualys), Splunk, Netskope, Zscaler etc.
• Working knowledge of other technology infrastructure concepts, processes, and associated risks - such as, Active Directory, Operating System, On-premises Data Center etc.
• Working knowledge or prior experience with information systems and operations used in the insurance industry and financial services industry is preferred.
• Experience analyzing complex data sets.
• Ability to quickly comprehend business processes and identify the risk implications, analyze complex situations, reach appropriate conclusions, and make valuable and practical recommendations.
• Results-oriented with a keen focus on quality and delivering value; ability to balance multiple priorities and projects; good attention to detail while retaining focus on the “big picture” and top risks; flexible and organized with the ability to oversee multiple projects concurrently.
• Excellent influencing and negotiation skills; professional presence, and influence across different areas and levels of management both in Audit Services and Technology.

Preferred Qualifications

• CISA, CISSP and/or CISM designations are preferred.

Key skills/competency

• IT Audit
• Cybersecurity
• Network Security
• Cloud Security
• Identity and Access Management
• Information Risk Management
• Technology Governance
• Vulnerability Management
• Business Continuity
• Data Center Security