Lead Application Security Specialist

We are seeking a seasoned and highly driven Lead Application Security Specialist to become a vital part of Manulife's Global Wealth and Asset Management Application Security team. This position will advance GWAM's Cross-Enterprise application security strategy by establishing guidelines and frameworks that empower the organization to adopt a comprehensive approach to capability development. You will collaborate closely with business, product, and technology stakeholders to translate long-term goals into designs that promote enterprise-wide reuse and integration.

As a Lead Application Security Specialist, you will partner with our GWAM IT Risk and Cybersecurity teams to enhance the maturity of practices within both third-party and internally developed software solutions.

The Manulife / John Hancock family is undergoing an exciting transformation. We are evolving from a venerable 130-year-old institution into a nimble 130-year-young organization. This journey is significant, and to quote T.S. Eliot, "The journey, not the destination, matters...". Throughout this process, we expect everyone to contribute their knowledge, skills, and experiences as a cohesive team, and to embrace learning when faced with the unknown.

Within the Manulife family, our team operates within Global Wealth and Asset Management, where we believe that the truth lies in the numbers. We are committed to redefining the investment landscape by emphasizing the value we deliver to our clients, rather than focusing solely on traditional metrics like performance and fees. Our division has recently surpassed $1 trillion in assets under management, encompassing a diverse array of both public and private asset classes. We operate globally, with a presence in North America, Asia, and Europe, serving a wide range of clients from our own on-balance general account assets to institutional, retail, and wealth clients.

The ideal candidate will be a proactive self-starter who thrives on connecting people and technology to address complex challenges at scale. You will analyze, model, and develop sophisticated architectural plans that necessitate the integration of various technologies and coordination across functional areas within the organization. If you possess a passion for long-term strategic thinking while also crafting architectural increments that deliver immediate value to customers, this opportunity is tailored for you.

The Application Security team within the Enterprise Architecture and Risk organization is tasked with defining the foundational elements and capabilities of application security to embed cross-enterprise security practices and optimize the integration of security within the Software Development Life Cycle (SDLC). We are an organization that values innovative and expansive thinking, rewards both behaviors and outcomes, and emphasizes growth and continuous improvement—all in support of Manulife's mission to empower clients and each other to succeed. This role presents a unique opportunity to join a team and organization at the outset of a multi-year platform transformation, with work that will directly influence company direction, our customers, and the industry at large.

Key Responsibilities

• Collaborate with Product, Risk, Cyber, and Technology teams to develop secure application security programs and frameworks that align with business and technology objectives.
• Understand complex modern and legacy integrations and business information models to ensure data integrity and a robust security posture.
• Develop large-scale enterprise solutions focused on implementing security controls and methods to mitigate risks.
• Design for both functional and non-functional qualities, including availability, resilience, security, and privacy.
• Assist the business in scoping and planning upcoming initiatives and roadmap items.
• Implement application security practices, including threat modeling and risk assessment, to ensure non-functional requirements are identified and controls are established to mitigate risks.
• Review, advise, and provide feedback on security practices within and outside the team.
• Develop reference implementation patterns related to security solutions.
• Contribute to the development and revision of security governance processes to ensure alignment of diverse technology projects with the enterprise target state vision.
• Leverage your business and technical insights to create innovative proposals for evolving Manulife's platforms, introducing new products or capabilities, or enhancing processes that benefit the organization or its customers.

Qualifications

• 5+ years of experience as an Application Security Specialist.
• Ability to analyze information flows and recommend suitable technologies to support business processes.
• Experience in enabling and guiding others on application security tools, including Static Analysis (SAST), Dynamic Analysis (DAST), and Open-source vulnerability management.
• Proven experience in reviewing security designs of business applications and proposing countermeasures to address identified risks.
• Experience providing application security support to development teams.
• Familiarity with DevSecOps practices and securing various CI/CD pipelines using different security tools.
• Knowledge of security functions, including Authentication, Authorization, Transport Security, Secure Configuration, and Data Validation/Sanitization.
• Hands-on experience in application and system penetration testing and code review.
• Experience with threat modeling, secure development lifecycle, and secure testing methodologies.
• Knowledge of Vault capabilities and Security Incident and Event Management systems.
• Ability to evaluate new technologies and stay updated on the latest industry trends.
• Strong judgment and the ability to manage high-pressure situations effectively.
• Familiarity with enterprise security frameworks, techniques, and industry trends.
• Preference for working in an Agile environment.
• Excellent presentation and communication skills, with the ability to engage effectively with both technical and executive audiences.
• Security certifications such as CISSP, CISM, or OSCP are preferred.

What We Offer

• Competitive salary and benefits package.
• Opportunities for professional growth and development.
• A focus on career advancement within the organization.
• Flexible work policies promoting a strong work-life balance.
• Professional development and leadership opportunities.

Our Commitment to You

• Values-first culture: We prioritize our values in all our actions and decisions.
• Boundless opportunity: We create avenues for learning and growth at every career stage.
• Continuous innovation: We encourage you to contribute to redefining the future of financial services.
• Commitment to Diversity, Equity, and Inclusion: We cultivate an inclusive workplace where everyone can thrive.
• Championing Corporate Citizenship: We strive to build a business that benefits all customers and positively impacts society and the environment.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services group dedicated to making decisions easier and lives better for our clients. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups, and institutions. At the end of 2022, we had over 40,000 employees, more than 116,000 agents, and thousands of distribution partners, serving over 34 million customers. We are committed to fostering a diverse workforce that reflects the communities we serve and to creating an inclusive environment that values the strengths of all individuals.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace diversity and strive to attract, develop, and retain a workforce that mirrors the diversity of our customer base. We are committed to fair recruitment, retention, advancement, and compensation, and we administer all of our practices and programs without discrimination on any protected grounds.

We prioritize removing barriers to provide equal access to employment opportunities. A Human Resources representative will work with applicants who request reasonable accommodations during the application process. All information shared during the accommodation request process will be handled in accordance with applicable laws and company policies.