Director, Third Party Information Security Management

The Director, Third Party Information Security Managements lead the governance and assurance components of the Third-Party Risk Management program. This role ensures the program meets regulatory expectations and effectively responds to oversight from second-line risk functions and internal audit.

The Director is responsible for coordinating oversight reviews, supporting audit readiness, and managing remediation efforts related to third-party risk management.

The role requires strong governance expertise and the ability to navigate complex stakeholder environments while maintaining program transparency and accountability.

Position Requirements:

Vendor Risk Assessments

• Provide governance oversight for vendor risk assessments and ensure assessment activities align with internal policies and regulatory expectations.
• Review and challenge assessment outcomes where necessary to ensure consistent risk evaluation.
• Support risk decision frameworks for vendor onboarding and ongoing risk acceptance.

Line 2 Risk Oversight

• Serve as the primary liaison between the TPRM program and second-line risk oversight functions.
• Coordinate responses to oversight inquiries and risk challenges related to vendor risk management.
• Ensure appropriate documentation and evidence supports program activities.

Internal Audit Readiness

• Lead preparation for internal audit reviews related to third-party risk management.
• Coordinate evidence gathering and stakeholder engagement during audit activities.
• Ensure clear and timely responses to audit inquiries.

Remediation Management

• Oversee remediation plans for audit findings and oversight observations.
• Track remediation progress and ensure commitments are delivered within agreed timelines.
• Coordinate remediation activities across technology, sourcing, and business teams.

Governance Frameworks

• Maintain and improve policies, procedures, and control documentation supporting the vendor risk program.
• Ensure alignment with enterprise risk management frameworks and regulatory expectations.
• Monitor evolving regulatory requirements impacting vendor risk governance.

Executive Reporting and Risk Intelligence

• Provide governance reporting to leadership and risk committees on audit outcomes, oversight activities, and remediation progress.
• Ensure transparency of vendor risk governance activities to senior leadership.

Program Maturity Improvement

• Identify opportunities to strengthen governance frameworks and improve program effectiveness.
• Support initiatives to enhance regulatory readiness and operational transparency.

Required Qualifications:

• 12 or more years of experience in third party risk management, vendor governance, compliance, cybersecurity, technology risk, or information risk management.
• Experience with Archer, Process Unity, and Ivalua.
• Must have CISSP and/or CISA certification in good standing.
• Experience working with internal audit, regulatory oversight functions, or enterprise risk management.
• Strong knowledge of governance frameworks and regulatory expectations in financial services.
• Experience leading governance or compliance teams.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.

Referenced Salary Location

Salary range is expected to be between

Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. If you are applying for this role outside of the primary location, please contact hr@manulife.com for the salary range for your location.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact hr@manulife.com for more information about U.S.-specific paid time off provisions.