23 Oct
Manulife
Toronto
The Opportunity
Work arrangement: Hybrid (3 days in office, 2 days from home)
Office locations: Toronto - Canada (primary) or Boston - USA
At John Hancock, we are hiring for Manager, Cybersecurity, Resilience, and Governance.
You'll work closely with our Cyber Defense Lead to drive robust security practices across the organization. You'll be deeply involved in application security, threat modeling, and you'll actively engage in hands-on assessments, integrating red teaming to identify vulnerabilities and strengthen our defenses while mentoring developers to foster a strong security culture.
This is an exciting opportunity for a proactive leader who enjoys being hands-on with the keyboard and wants to make a significant impact on how we approach cybersecurity. If you’re ready to influence our security direction and champion best practices, we want you on our team.
This role will serve as a Subject Matter Expert (SME) in application security, advocating for robust security practices, educating developers, and assisting with threat modeling. The ideal candidate will have a strong background in offensive security, proficiency in coding, tool development, and mentoring, demonstrating a well-rounded expertise in both technical and leadership aspects of cybersecurity, with the potential to develop new security solutions such as breach and attack simulations.
Position Responsibilities:
Strategic Cybersecurity Leadership: Provide expert guidance on designing and implementing cybersecurity measures for complex systems. Develop and promote security strategies including design principles and security architecture.
Application Security Expertise: Act as a SME in application security,
advocating for best practices and helping to drive the security agenda within the organization. Educate developers on security principles, practices, and tools.
Threat Modeling and Assessment: Lead and support threat modeling activities to identify and assess potential security risks. Use threat modeling methodologies to guide the development and implementation of effective remediation strategies.
Security Portfolio Development: Explore and potentially build new security solutions, such as breach and attack simulations, to enhance the organization’s security posture and readiness.
Maintain, configure, and analyze security platforms and tools.
Serve as a subject matter expert on Cloud security, in both Azure/0365 and AWS.
Lead application vulnerability management efforts across the company's infrastructure and applications.
Collaboration and Communication: Work closely with cross-functional teams, including developers and security professionals, to integrate security practices into the development lifecycle. Articulate security risks, technical strategies, and outcomes effectively through strong verbal and written communication.
Presentation and Training: Develop and deliver presentations and training sessions to raise security awareness across the organization. Create and present engaging content tailored to various audiences, including technical teams and non-technical stakeholders, to promote understanding and adoption of security best practices.
Required Qualifications:
Must-Haves:
Proven track record in penetration testing/red teaming.
Strong knowledge of SAST, DAST, and application security practices.
Proficiency in a programming language (e.g., Python) and hands-on with security tools (e.g., Metasploit, Burp Suite, Cobalt Strike etc.).
Bachelor’s degree in computer science, Information Security, or a related field.
At least 5 years of experience in cybersecurity, with expertise in one or more of the following areas: (1) application security, (2) threat modeling, (3) security architecture, (4) penetration testing, (5) ethical hacking, (6) vulnerability assessment, and (7) red teaming.
In-depth knowledge of application security testing techniques, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA).
Excellent problem-solving skills, with the ability to manage complex security issues and drive creative solutions.
Demonstrated ability to manage stakeholders and communicate effectively at all levels of the organization.
Self-driven and capable of working independently with minimal supervision.
Flexibility to work onsite or remotely based on business needs.
Hands-on experience with Microsoft Azure.
Preferred Qualifications:
Advanced degrees or certifications (e.g., OSEP, OSWP, OSCP, CRTP, CRTO, CISSP, CISM) are a plus.
Strong background in offensive security and coding, with hands-on experience in penetration testing and security assessment tools.
When you join our team:
We’ll empower you to learn and grow the career you want.
We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
As part of our global team, we’ll support you in shaping the future you want to see.
#LI-JH
#J-18808-Ljbffr
▶️ Manager, Cybersecurity, Resilience, and Governance
🖊️ Manulife
📍 Toronto