Manager, Cybersecurity, Resilience, and Governance

Posted:
10/9/2024, 8:36:05 AM

Location(s):
Massachusetts, United States ⋅ Ontario, Canada ⋅ Old Toronto, Ontario, Canada ⋅ Waterloo, Ontario, Canada ⋅ Boston, Massachusetts, United States

Experience Level(s):
Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

The Opportunity

Work arrangement: Hybrid (3 days in office, 2 days from home)

Office locations: Toronto - Canada (primary) or Boston - USA

At John Hancock, we are hiring for Manager, Cybersecurity, Resilience, and Governance.

You'll work closely with our Cyber Defense Lead to drive robust security practices across the organization. You'll be deeply involved in application security, threat modeling, and you'll actively engage in hands-on assessments, integrating red teaming to identify vulnerabilities and strengthen our defenses while mentoring developers to foster a strong security culture. This is an exciting opportunity for a proactive leader who enjoys being hands-on with the keyboard and wants to make a significant impact on how we approach cybersecurity. If you’re ready to influence our security direction and champion best practices, we want you on our team

 

This role will serve as a Subject Matter Expert (SME) in application security, advocating for robust security practices, educating developers, and assisting with threat modeling. The ideal candidate will have a strong background in offensive security, proficiency in coding, tool development, and mentoring, demonstrating a well-rounded expertise in both technical and leadership aspects of cybersecurity, with the potential to develop new security solutions such as breach and attack simulations.

Position Responsibilities:

  • Strategic Cybersecurity Leadership: Provide expert guidance on designing and implementing cybersecurity measures for complex systems. Develop and promote security strategies including design principles and security architecture.

  • Application Security Expertise: Act as a SME in application security, advocating for best practices and helping to drive the security agenda within the organization. Educate developers on security principles, practices, and tools.

  • Threat Modeling and Assessment: Lead and support threat modeling activities to identify and assess potential security risks. Use threat modeling methodologies to guide the development and implementation of effective remediation strategies.

  • Security Portfolio Development: Explore and potentially build new security solutions, such as breach and attack simulations, to enhance the organization’s security posture and readiness.

  • Maintain, configure, and analyze security platforms and tools.

  • Serve as a subject matter expert on Cloud security, in both Azure/0365 and AWS.

  • Lead application vulnerability management efforts across the company's infrastructure and applications.

  • Collaboration and Communication: Work closely with cross-functional teams, including developers and security professionals, to integrate security practices into the development lifecycle. Articulate security risks, technical strategies, and outcomes effectively through strong verbal and written communication.

  • Presentation and Training: Develop and deliver presentations and training sessions to raise security awareness across the organization. Create and present engaging content tailored to various audiences, including technical teams and non-technical stakeholders, to promote understanding and adoption of security best practices.

Required Qualifications:

Must-Haves:

  • Proven track record in penetration testing/red teaming.

  • Strong knowledge of SAST, DAST, and application security practices.

  • Proficiency in a programming language (e.g., Python) and hands-on with security tools (e.g., Metasploit, Burp Suite, Cobalt Strike etc.).

  • Bachelor’s degree in computer science, Information Security, or a related field.

  • At least 5 years of experience in cybersecurity, with expertise in one or more of the following areas: (1) application security, (2) threat modeling, (3) security architecture, (4) penetration testing, (5) ethical hacking, (6) vulnerability assessment, and (7) red teaming.

  • In-depth knowledge of application security testing techniques, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).

  • Excellent problem-solving skills, with the ability to manage complex security issues and drive creative solutions.

  • Demonstrated ability to manage stakeholders and communicate effectively at all levels of the organization.

  • Self-driven and capable of working independently with minimal supervision.

  • Flexibility to work onsite or remotely based on business needs.

  • Hands-on experience with Microsoft Azure.

Preferred Qualifications:

  • Advanced degrees or certifications (e.g., OSEP, OSWP, OSCP, CRTP, CRTO, CISSP, CISM) are a plus.

  • Strong background in offensive security and coding, with hands-on experience in penetration testing and security assessment tools.

When you join our team:

  • We’ll empower you to learn and grow the career you want.

  • We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

  • As part of our global team, we’ll support you in shaping the future you want to see.

#LI-JH

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].

Primary Location

Toronto, Ontario

Working Arrangement

Hybrid

Salary range is expected to be between

$92,190.00 CAD - $171,210.00 CAD

If you are applying for this role outside of the primary location, please contact [email protected] for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact [email protected] for more information about U.S.-specific paid time off provisions.