Senior Manager, Information Risk Management

We are seeking a highly skilled and experienced Senior Application Security Manager to join our Information Risk Management (IRM) Team. In this role, you will be responsible for evaluating and improving the security posture of our applications by identifying, assessing, and mitigating security risks. You will also provide expert security consultation related to security architecture and conduct comprehensive project and vendor risk assessments. You will work closely with cross-functional teams to ensure our applications are designed and implemented with security best practices.

Key Responsibilities:

• Conduct comprehensive security assessments of applications, including threat modeling, vulnerability scanning, and penetration testing.
• Identify, document, and communicate security risks and vulnerabilities to stakeholders, providing actionable recommendations for mitigation.
• Collaborate with development, operations, and security teams to integrate security into the software development lifecycle (SDLC).
• Lead security training and awareness initiatives for development and operations teams to promote secure coding practices and risk management.
• Provide expert security consultation and guidance on security architecture to ensure the design and implementation of secure systems.
• Perform information risk assessments for new/existing projects, IT outsourcing security reviews, and 3rd party risk assessments and ensure compliance with security standards.
• Provide security consultations to internal customers by identifying possible security threats and determining the best security measures.
• Lead security incident management domain by responding to security incidents and conducting cyber tabletop exercise.  
• Stay up-to-date with the latest security trends, vulnerabilities, and technologies to ensure ongoing protection of applications.
• Prepare and present detailed reports and dashboards on security assessment findings and remediation progress to management.

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field; relevant certifications (e.g., CISSP, CISM, CEH, OSCP) are a plus.
• Minimum 8 years of experience in application security, information security, or a related field, with a focus on security architecture, risk assessment, and security incident management.
• Strong understanding of application security principles, practices, and technologies, as well as security architecture frameworks and methodologies.
• Experience with security assessment tools such as Burp Suite, OWASP ZAP, Nessus, or similar.
• Proficiency in scripting and programming languages (e.g., Python, Java, JavaScript) for security testing and automation.
• Familiarity with secure coding practices and frameworks (e.g., OWASP Top Ten, SANS CWE Top 25).
• Excellent analytical, problem-solving, and communication skills.
• Ability to work independently and manage multiple projects and priorities effectively.
• Experience in cloud security (e.g., AWS, Azure) and security architecture is a plus.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].

Hybrid