Candidate Value Proposition
• Opportunity to work with a large and diverse supplier portfolio.
• Exposure to complex IT contracts and enterprise level risk management.
• Ability to influence contract standards and strengthen client’s vendor governance practices.
• Work closely with cross functional teams, including Legal, Compliance, Procurement, and Risk.
Job Summary:
The Contract Specialist will be responsible for reviewing Vendor contracts to ensure it has the necessary IT security controls to keep client’s data and/other information safe. The individual will be responsible for reviewing and recommending the necessary clauses to business Stakeholders. A successful candidate should have experience with interpreting contract language, and recommend appropriate contract controls based on products and services the vendor provides. The candidate must possess superior relationship management skills and an ability to thrive in a fast-paced environment and exercise sound, independent judgment.
Key Responsibilities:
Contract Specialist will assist the VISM Team in completing the following activities:
• Reviewing contract clauses/language to determine compliance to ML contract requirements.
• Support internal stakeholders and Legal in supplying exceptional client service and outlining risk associated with the supplier.
• Initiate reviews of existing vendor' contracts with our various internal business units as needed.
• Responding to contract inquiries.
• Support Procurement with contract clauses and/or exceptions.
• Provide guidance to Vendor information Risk Management team (VISM) and Vendor Governance Management (VGM).
• Taking the initiative to keep up to date on new laws and regulatory guidance/requirements as these can impact contractual language.
• Ability to breakdown complex concepts into easily understood language and effectively articulate those concepts to vendors and internal stakeholders.
• Work independently and diligently to meet tight negotiating timelines.
• Collaborate with Legal, Compliance, Risk Areas, business stakeholders and other groups as necessary to meet Manulife’s objectives.
Candidate Requirements/Must Have Skills:
1. IT contract related experience and/or lawyer.
2. Minimum 5 years' experience reviewing third party contracts or other Third-Party Risk Management experience – specifically in IT/cyber security requirements.
3. Basic cybersecurity knowledge: exposure to information security field and understands the flow of data.
4. Excellent computer skills, including MS Office – Word, Excel, power BI and other risk tools – Archer, ProcessUnity and Ivalua
5. 3+ years demonstrated success in a progressive number of Risk Roles or Procurement
Nice-To-Have Skills:
1. Knowledge of third-party risk management concepts or solid understanding of IT (Information Technology) general control and information security principles
2. Understanding of industry-recognized compliance/risk frameworks such as NIST (National Institute of Standards & Technology) 800-53, NIST Cybersecurity Framework (CSF) and ISO 27001
3. Understanding of the regulatory requirements for third party contracts within OSFI B-10/13 and OCC.
4. Familiarity with vendor information security questionnaires assessments.
Education:
• Bachelor’s degree - business, Economics, or Finance
• Law Degree is a nice to have
• Experience in IT Risk, Third Party Risk Management and/or Procurement
• Industry recognized IT, Third Party Risk or Procurement Certification(s) a plus.
