Vendor Information Security Senior Analyst
Vendor Information Security Senior Analyst (Level 6)
(Japanese Language Required – JLPT N1)
We are seeking a highly skilled Vendor Information Security Senior Analyst (Level 6) to join the Vendor Information Security Management (VISM) / IT Governance team. This role supports the delivery of Vendor Risk Management Center of Excellence (COE) services and focuses on managing third-party/vendor information security risks across regions, including Japan.
The role requires strong stakeholder management, risk assessment expertise, and the ability to work across global teams while supporting regulatory, audit, and business requirements. The successful candidate will also play a key role in ensuring vendor risk processes align with enterprise security standards and industry best practices.
Position Responsibilities:
Vendor Risk Assessment & Governance
- Perform end-to-end third-party/vendor information security risk assessments for new and existing vendors across assigned regions (including Japan).
- Handle complex vendor risk assessments across multiple business segments.
- Review and evaluate:
- Independent audit reports
- Penetration testing reports
- Vulnerability management reports
- Conduct virtual vendor assessments, when required.
- Responsible for the Japan and other assigned country Vendor Information risk assessments of new and existing vendors/Third Parties
- Working closely with Category Managers in Procurement, BU contacts and contract owners, BU security officers and business continuity, privacy analysts.
- Perform on virtual site visits of vendors if required.
- Perform contract reviews and working with Legal team as appropriate
- Document issues arising from risk assessments and log the issues in various tools.
- Perform any other tasks as assigned related to Vendor Information Security Management (VISM)
Stakeholder Collaboration
- Work closely with:
- Procurement and Category Managers
- Business Unit stakeholders and contract owners
- Security, privacy, and business continuity teams
- Provide updates in weekly reports, governance forums, and stakeholder meetings.
Risk Management & Reporting
- Identify, document, and track security risks and control gaps in vendor engagements.
- Maintain accurate risk records in Vendor Risk Management tools (e.g., Archer, ProcessUnity).
- Support remediation tracking and communicate risk posture to stakeholders.
Audit & Compliance Support
- Support internal and external audits (Audit Services, regulators, clients, third-party auditors).
- Conduct contract security reviews in partnership with Legal and Compliance teams.
- Ensure alignment with information security frameworks (ISO 27001, NIST, PCI DSS, etc.).
Continuous Improvement & Thought Leadership
- Stay current on:
- Emerging cybersecurity risks
- Industry trends and technologies
- Regulatory developments
- Contribute to the enhancement of vendor risk methodologies, policies, and procedures.
- Support broader initiatives in information security, IT governance, and business continuity.
Required Qualifications:
- 5+ years of experience in:
- Information Security
- IT Risk / Governance / Compliance
- Technology Audit / Cybersecurity
- Third-Party Risk Management
Education & Experience
- Bachelor’s degree in Computer Science, Information Security, Business, Finance, or related field.
- 5+ years of experience in:
- Information Security
- IT Risk / Governance / Compliance
- Technology Audit / Cybersecurity
- Third-Party Risk Management
- Experience within financial services or insurance industry is a strong advantage.
Certifications (Preferred)
- CISA, CRISC, CISSP, or equivalent certifications.
Technical & Functional Skills
- Strong knowledge of:
- Vendor Risk Management practices
- IT risk and control frameworks (ISO 27001, NIST, etc.)
- Experience in:
- Risk assessment methodologies
- Security controls evaluation
- Vendor risk tools (e.g., Archer, ProcessUnity)
Language Requirement
- Japanese Language Proficiency: JLPT N1 (Required)
- Excellent written and verbal communication skills in Japanese
- Ability to engage with Japan-based stakeholders and vendors effectively
Preferred Qualifications:
- Strong analytical and problem-solving skills
- Excellent communication and stakeholder management
- Ability to manage multiple priorities in a global, matrixed environment
- High attention to detail and risk awareness
- Adaptability to evolving security and regulatory landscapes
Work Setup
- Flexible work arrangement (onsite and remote as required)
- Willingness to align with regional/global schedules
When you join our team:
• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.
Working Arrangement