Senior Vendor Information Security Analyst, Vendor Information Security Management
The Senior Vendor Information Security Analyst , Vendor Information Security Management reports locally to the Vendor Information Security Manager in MBPS and is responsible for supporting the VISM team in the delivery of Third-Party Risk Management Center of Expertise (COE) services.
The incumbent will have a deep understanding of Information Security industry standards and best practices. The individual is accountable for driving and monitoring compliance to the Company’s Third-Party Risk Management Policy.
As a subject matter expert, the incumbent is expected to contribute to development and delivery of vendor information security management training and provide input to relevant policies, processes and tools.
In this capacity, the individual must be skilled in influencing others to assess and monitor vendor information security risk following the risk management policy.
Strong experience on the vendor risk assessment process across segments of Manulife :
Global Wealth & Asset Management (GWAM)
Group Functions Technology & Global Data (GFT&GD)
Enterprise Technology Services (ETS)
Leads the peer review of analyst work and spearhead new hire training for new members.
Conducts skills verification, training and calibration to facilitate the effective awareness and application of vendor information security, third-party risk management policy and best practices.
Effective oversight of the operations of the different segments, provides operational updates to the VISM Manager.
Serve as a subject matter expert in interpreting requirements and the first point of contact in addressing escalations.
Escalates complex risk issues to the MBPS VISM Manager and to the Onshore Segment Leads for resolution.
Develop and maintain standard operating procedures (SOPs).
Leads optimization and strategic projects and ensure process documentations and quality framework are up to date.
Support IT audits conducted by Audit Services, regulators, clients and third-party auditors.
Stay informed about the latest developments in the information security management field.
Perform any other job-related instructions, as requested, with reasonable accommodation.
3+ years’ experience in vendor management or third-party risk, Information Security Risk and Control, Internal Audit or Corporate Procurement or Contracts
3+ years in a professional environment
Graduate of 4 year course (Computer Science, Business or Finance preferred, but not required).
Knowledge of IT principles, operations and processes are important.
Experience with data cleanup projects involving vendor types of information
Proven management and leadership skills.
Demonstrated ability to meet deliverables on time
Familiarity with large scale company systems, databases and reporting tools experience in Process Unity is preferred.
Strong interpersonal skills and service-oriented attitude
Exceptional multitasking skills with an aptitude to make the right decision on competing priorities and deadlines
Strong PC skills and proficiency with MS Excel, Word, Access and Sharepoint
Excellent communication skills including presentation skills with demonstrated ability to present at all organization levels.
Attentive to details and quality, well-organized, innovative and result driven;
Self-starter with high level of initiative;
Exercises good judgment;
Operates in a professional and ethical manner with customers and vendors;