Manager, Cybersecurity, Resilience, and Governance Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.
Work arrangement: Hybrid (3 days in office, 2 days from home)
Office locations: Toronto - Canada (primary) or Boston - USA
At John Hancock, we are hiring for Manager, Cybersecurity, Resilience, and Governance.
You'll work closely with our Cyber Defense Lead to drive robust security practices across the organization. You'll be deeply involved in application security, threat modeling, and you'll actively engage in hands-on assessments, integrating red teaming to identify vulnerabilities and strengthen our defenses while mentoring developers to foster a strong security culture. This is an exciting opportunity for a proactive leader who enjoys being hands-on with the keyboard and wants to make a significant impact on how we approach cybersecurity. If you’re ready to influence our security direction and champion best practices, we want you on our team.
This role will serve as a Subject Matter Expert (SME) in application security, advocating for robust security practices, educating developers, and assisting with threat modeling. The ideal candidate will have a strong background in offensive security, proficiency in coding, tool development, and mentoring, demonstrating a well-rounded expertise in both technical and leadership aspects of cybersecurity, with the potential to develop new security solutions such as breach and attack simulations.
Position Responsibilities: Strategic Cybersecurity Leadership: Provide expert guidance on designing and implementing cybersecurity measures for complex systems. Develop and promote security strategies including design principles and security architecture.
Application Security Expertise: Act as a SME in application security, advocating for best practices and helping to drive the security agenda within the organization. Educate developers on security principles, practices, and tools.
Threat Modeling and Assessment: Lead and support threat modeling activities to identify and assess potential security risks. Use threat modeling methodologies to guide the development and implementation of effective remediation strategies.
Security Portfolio Development: Explore and potentially build new security solutions, such as breach and attack simulations, to enhance the organization’s security posture and readiness.
Maintain, configure, and analyze security platforms and tools.
Serve as a subject matter expert on Cloud security, in both Azure/0365 and AWS.
Lead application vulnerability management efforts across the company's infrastructure and applications.
Collaboration and Communication: Work closely with cross-functional teams, including developers and security professionals, to integrate security practices into the development lifecycle. Articulate security risks, technical strategies, and outcomes effectively through strong verbal and written communication.
Presentation and Training: Develop and deliver presentations and training sessions to raise security awareness across the organization. Create and present engaging content tailored to various audiences, including technical teams and non-technical stakeholders, to promote understanding and adoption of security best practices.
Required Qualifications: Must-Haves:
Proven track record in penetration testing/red teaming.
Strong knowledge of SAST, DAST, and application security practices.
Proficiency in a programming language (e.g., Python) and hands-on with security tools (e.g., Metasploit, Burp Suite, Cobalt Strike etc.).
Bachelor’s degree in computer science, Information Security, or a related field.
At least 5 years of experience in cybersecurity, with expertise in one or more of the following areas: (1) application security, (2) threat modeling, (3) security architecture, (4) penetration testing, (5) ethical hacking, (6) vulnerability assessment, and (7) red teaming.
In-depth knowledge of application security testing techniques, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
Excellent problem-solving skills, with the ability to manage complex security issues and drive creative solutions.
Demonstrated ability to manage stakeholders and communicate effectively at all levels of the organization.
Self-driven and capable of working independently with minimal supervision.
Flexibility to work onsite or remotely based on business needs.
Hands-on experience with Microsoft Azure.
Preferred Qualifications:
Advanced degrees or certifications (e.g., OSEP, OSWP, OSCP, CRTP, CRTO, CISSP, CISM) are a plus.
Strong background in offensive security and coding, with hands-on experience in penetration testing and security assessment tools.
Manulife is an Equal Opportunity Employer. At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
#J-18808-Ljbffr