We are seeking a talented individual to lead our Business Unit Security Officers (BUSOs), Business Continuity Officers, Disaster Recover officers and onboarding Managers as a key pillar in the Cybersecurity, Resilience & Governance (CRG) team. As a lead, you will help business and IT partners to recognize and manage their information risk in a dynamic business environment. You will participate in critical projects and initiatives to ensure information risk is always considered and managed appropriately.   

A successful lead will serve as a trusted partner and subject expert supporting his/her teams to empower and help the business protect their information assets and intellectual property. You will help implement new technologies and tools, foster consistency through common methodologies and stay fully aligned with cybersecurity, business continuity and disaster recovery and efforts. 

Office location: Boston - USA or Toronto - Canada (alternate)

Work arrangement: 3 days in office, 2 days from Home; Remote working option is not available;

Required Qualifications:  

• 5+ Years of experience managing a diverse team of SME’s in one or more of the following disciplines: Disaster Recovery, Business Continuity, Information Technology/Systems, Project Management, Information Risk Management, Information Security, ideally with some of that time spent in a large, complex organization.

• Strong understanding of application security (OWASP Top 10, API security, secure coding practices)

• Experience with modern authentication and identity systems (OAuth2, OIDC, SAML, service principals, workload identity)

• Knowledge of secrets management and secure credential handling (e.g., Key Vault, vault-based patterns, eliminating hardcoded secrets)

• Familiarity with cloud security architectures (Azure/AWS), including IAM, networking, and workload protection

• Some familiarity with BCM Planning tools and/or relational databases – e.g., Fusion Risk Management.

• Ability to interpret and assess security findings (e.g., Snyk, code scanning, penetration testing results) and guide remediation

• Broad understanding of application system technologies and Business Continuity/Disaster Recovery tools and techniques.

• Excellent communication skills (oral and written) including ability to develop and deliver effective user education sessions and a willingness to present to all organizational levels.

• Achievement oriented with proven project management skills and the ability to work independently and as part of a team, managing multiple priorities within tight deadlines while maintaining a professional and friendly attitude.

• Ability to work off-hours to help manage incidents or communicate with colleagues in different time zones, occasionally.

• Proven ability to build relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors

• BUSO responsibilities

• Lead and improve application and operational security consulting services to IT, partners and clients 

• Serve as a technical security advisor to BUSOs and business-aligned teams, elevating their ability to identify, assess, and remediate risk beyond checklist-based approaches

• Provide hands-on guidance on secure architecture design, including application, cloud, and infrastructure security patterns

• Act as an escalation point for complex security issues, including authentication, authorization, secrets management, and data protection

• Guide teams on modern identity and access patterns (OAuth2, OIDC, SAML, service-to-service authentication, workload identity, etc.)

• Provide technical oversight on cloud security (Azure/AWS) including IAM, network segmentation, and workload protection

• Translate security requirements into practical, implementable solutions aligned with business and engineering constraints

• Drive adoption of secure-by-design principles across new initiatives and onboarding efforts

• Mentor BUSOs to become more technically fluent, enabling them to act as effective security consultants to the business

• Oversee and technically validate application risk assessments, ensuring findings are grounded in real architecture, data flows, and threat models (not just control checklists)

• Maintain a high level of awareness on security issues and control objectives among all levels of business line staff 

• Embrace and deploy innovative solutions to manage the information risk associated with new technology and new processes

• Identify and communicate known security control issues to business area teams and leadership, providing guidance (as necessary) and oversight to ensure timely remediation 

• Provide support to other risk teams as necessary to address high priority risks 

• Ensure adherence to global information security policies and standards; work with the business and technical teams to implement solutions that comply with security policies and processes 

• Actively participate in your team’s plans to achieve their goals, this includes goals that originate from the security team and the business. Participate in frameworks used to measure and report on progress towards the achievement of goals  

• Stay current on emerging technologies, key business drivers, evolving threats and opportunities from both the business and the security team 

• Collaborate with other security and risk professionals within the US segment and across the company 

• Participate in divisional and global security and risk projects and initiatives as requested. Ensure business requirements and needs are considered in initiatives, projects and services. 

• Ability to challenge and refine risk decisions by evaluating actual exploitability, attack paths, and compensating controls

• BC/DR responsibilities

• Manage the BCM Program - Lead, shape and deliver a practical and effective Business Continuity/Disaster Recovery program that ensures our critical applications, systems, networks and information assets are working and available whenever our business clients need them.

• Provide program oversight to ensure our partners in the Business and in IT are following best practices and remain compliant with Global Standards.

• Work with IT, Project Management colleagues and vendors to ensure systems are built with DR requirements embedded and recovery documentation is in place.

• Work with business areas to ensure recovery strategies and workarounds are documented in case of business interruption.

• Work with vendors and internal partners to provide alternate work areas for critical business processes to continue with minimal interruption in case a primary work area becomes inaccessible.

• Work collaboratively on projects and exercises that benefit the larger BCM program and organization.

• Develop, schedule and conduct BC/DR exercises in accordance with divisional goals and Global standards. Provide oversight for exercises run by the BU or IT teams themselves. Leverage Manulife’s global scale and work with partners worldwide to constantly improve the exercise process and recoverability of processes and systems.

• Use communication skills to provide calm and professional crisis management during disasters or business interruptions.

• Work with incident management and other BC/DR professionals across the company in delivering and gathering timely information and providing guidance in response to disasters.

• Perform quality assurance checks of the work done by the BU’s and IT to ensure they are meeting or exceeding Global standards.

• Move key elements of our program to higher levels of maturity (as measured by Capability Maturity Model) through continuous improvement of processes

• Provide advice, assistance and support to BU’s, IT and other project teams in the delivery of their projects or changes to ensure BC and DR considerations are included as required by Standards.

• Work with other IRM teams to identify areas of program improvement and drive execution through special projects and general working sessions

• Embrace and deploy innovative solutions to manage the information risk associated with new technology and new processes.

• Standardize/streamline our processes and metrics

• Find, devise and deploy ways to standardize our processes not only within BCM but across IRM, ERM and ORM functions to show a holistic view of Information Risk

• Automate the production of metrics and continue to move them to quantitative measures

• Onboarding Responsibilities

• Collaborate with multiple levels and facets of internal Agile business teams to review and triage Agile business outcome-based road maps to identify level of risk associated and resulting risk mitigation actions.  

• Participate in Agile ceremonies (Delivery Increment planning sessions, sync meetings and other key ceremonies, demos, etc.) that Business teams hold to ensure full understanding of business drivers / outcomes / shifts in direction. 

• Facilitate discussions amongst the CRG team members, sharing Business outcome roadmaps and triage script outcomes on a regular basis 

• Act as a change agent and customer relationship manager to the IT community on behalf of CRG.  

• Collaborate with the Second Line of Defense Risk teams for highest risk initiatives to ensure Line 1 information is readily available for management assurance review. 

• Be part of an active team who remains current on emerging risks and technologies, key developments and strategies for the businesses you support. Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and CRG 

Preferred Qualifications:  

• Financial Services industry experience

• Professional certification in BCM – ABCP, CBCP, MBCI or MBCP

• Professional certification for information security – CISSP, CISA, CISM, CRISC, GIAC

• Solid understanding of Generative AI foundations, principles and tools 

• The ability to work both independently and as part of a team, managing multiple priorities, people and deadlines 

When you join our team:

• We’ll empower you to learn and grow the career you want.

• We’ll recognize and support you in a flexible environment where well-being and inclusion are

• more than just words.

• As part of our global team, we’ll support you in shaping the future you want to see

This job description is not a comprehensive listing of all job duties required for this role. We reserve the right to change these duties or assign additional duties at any time with or without notice.

#LI-JH

The role being advertised is an existing vacancy.

À propos de Manuvie et de John Hancock

La Société Financière Manuvie est un chef de file mondial des services financiers qui aide les gens à prendre leurs décisions plus facilement et à vivre mieux. Pour en apprendre plus à notre sujet, rendez vous à l’adresse www.manuvie.com.

Manuvie est un employeur qui souscrit au principe de l’égalité d’accès à l’emploi

Chez Manulife/John Hancock nous valorisons notre diversité. Nous nous efforçons d’attirer, de perfectionner et de maintenir une main d'oeuvre qui est aussi diversifiée que nos clients, et de favoriser la création d’un milieu de travail inclusif qui met à profit la diversité de nos employés et les compétences de chacun. Nous nous engageons à assurer un recrutement, une fidélisation, une promotion et une rémunération équitables, et nous administrons toutes nos pratiques et tous nos programmes sans discrimination en raison de la race, de l’ascendance, du lieu d’origine, de la couleur, de l’origine ethnique, de la citoyenneté, de la religion ou des croyances ou des convictions religieuses, du genre (y compris grossesse et affection liée à une grossesse), de l’orientation sexuelle, des caractéristiques génétiques, du statut d’ancien combattant, de l’identité de genre, de l’expression de genre, de l’âge, de l’état matrimonial, de la situation de famille, d’une invalidité ou de tout autre motif protégé par la loi applicable.

Nous nous sommes donné comme priorité d’éliminer les obstacles à l’accès égalitaire à l’emploi. C’est pourquoi un représentant des Ressources humaines collaborera avec les candidats qui demandent accommodement raisonnable pendant le recrutement. Tous les renseignements communiqués pendant le processus de demande d'accommodement seront stockés et utilisés conformément aux lois et aux politiques applicables de Manuvie. Pour demander une mesure d’accommodement raisonnable dans le cadre du recrutement, écrivez à hr@manulife.com.

Referenced Salary Location

Modalités de travail

Salary range is expected to be between

Les employés ont également la possibilité de participer à des programmes incitatifs et de recevoir une rémunération liée à la performance de l’entreprise et des individus. Le salaire réel variera selon les conditions du marché local, la région géographique et les facteurs propres au poste, tels que les connaissances, les compétences, les qualifications, l’expérience et la formation. Si vous postulez à ce poste en dehors de votre lieu principal, veuillez contacter hr@manulife.com pour connaître la fourchette salariale applicable à votre région.

Manulife/John Hancock offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in the U.S. includes up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time (or more where required by law) each year, and we offer the full range of statutory leaves of absence.

We use data and analytics technologies, such as artificial intelligence (AI), and automated processing tools, to analyze and process the information you provide to us or third parties in the application process. For more information, please refer to our personal information collection statement.

Know Your Rights I Family & Medical Leave I Employee Polygraph Protection I Right to Work I E-Verify