Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
We are seeking a talented Information Security Officer to join the Enterprise Technology & Services (ETS) team. This is a 1st line of defense IT Governance role in which the incumbent will enable businesses and IT partners to recognize and manage their cyber and information security risks in a vibrant business environment.
The incumbent will be part of the team which will work with different service areas within ETS. You will serve as a trusted partner and subject matter expert to the business and help them protect their information assets. You will participate in critical global projects and initiatives to ensure information risk is always appropriately managed. As a security officer you will perform security risk assessments and vendor assessments and consult on various projects and the implementation of tools or services. You will work closely with infrastructure, development and application teams on the implementation of security controls to ensure the integrity of information security policies, procedures and standards, and report to senior management on the effectiveness of such controls.
You will join a world-class company known for its commitment to diversity, community involvement and work-life balance via the WorkSmart program where 20% of Manulife’s North American employees work from home. We are committed to the personal and professional development of our team members, including support for attaining and keeping industry designations and certifications.
As Information Security Officer you will be:
Assisting project teams with identifying and validating security requirements or leading the completion of information risk assessments.
Performing in-depth risk assessments on projects from a technical security perspective to ensure that the security safeguards and controls are in line with Manulife Security policy and standards.
Conducting security risk assessments of 3rd parties. Assessment types include self-assessment questionnaires, performing site visits and examining external audit reports (e.g., SOC 2 Type 2, ISO 27001).
Providing input and recommendations to the ETS Service Areas on information security requirements and best practices.
Assisting with security incident investigations & service provider threat notifications for the ETS Service Areas.
Supporting other operational security activities, including oversight of ongoing security processes (e.g., incident response, ad hoc queries, periodic access reviews and vulnerability management).
Working with the ETS Service Areas to help define and improve Information Security practices.
Working with the ETS Service Areas on input and recommendations to hardening standards for the relevant technologies within each of the ETS Service Areas.
Working with the ETS Service Areas on Acceptance Reviews for new cloud initiatives, infrastructure and services associated with ETS Service Areas.
Reporting on security metrics and compliance with company policies/standards.
Taking on other information risk management tasks as required.
5+ years of relevant information security and information risk management experience.
5+ years of relevant experience in cloud computing environments such as Azure or AWS, including IaaS, PaaS and SaaS.
Professional certification(s) related to information security or information risk management such as CISSP, CISM, CISA, GIAC are preferred.
Experience with FAIR or comparable quantitative risk management frameworks is a plus.
Post-secondary diploma or degree in computer science fields of study is preferred.
Working knowledge and experience in the following areas is a plus:
Security architecture and controls in various infrastructure platforms (e.g., Windows, Unix, virtual hosting, networking, end user technology, cloud computing including Infrastructure as a Service (IaaS) and Platform as a Service (PaaS)).
Security systems such as privilege management system, SIEM/big data solution for security monitoring, NAC, vulnerability management solution and operating model, PKI/Encryption technology, APT solutions (FireEye, Zscaler), Firewall/IPS, WAF etc.
Knowledge of application security best practices such as secure coding and security testing techniques.
Knowledge of OWASP, SANS, or other security-related frameworks and penetration testing methodologies.
Configuration Management Technologies (e.g., Ansible, Chef, Puppet), Infrastructure Automation Technologies (e.g., Terraform), Build Automation Technologies (e.g., Jenkins, Concourse), Containerization & Cloud Orchestration Technologies (e.g., Cloud Foundry, Kubernetes, Docker).
Windows and related services (e.g., Active Directory, DNS, IIS, MSSQL), Active Directory Federation Services and Protocols (e.g., ADFS, SAML).
Collaboration and messaging platforms (e.g., Office 365, SharePoint).
Mobile Devices along with Mobile Device Management / Mobile Application Management Platforms and Services
GRC platform such as Archer.
Proven ability to build relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors.
Previous experience in the Financial, Insurance or Healthcare sectors considered an asset.
Experience implementing and/or supporting a large-scale corporate enterprise solution.
Focused on helping ETS Service Areas achieve their objectives; understands that Information Security must enable the business.
Strong written and verbal communication and effective negotiation skills.
Strong technical skills and background with the ability to easily develop strong working capabilities with new technologies and the related security implications.
Influences others across the organization to accomplish their objectives.
Works independently and takes initiative.
Handles conflict well and maintains professionalism at all times.
Takes ownership for their objectives and ensures they are achieved.
Functions well as part of a distributed team.
Strong analytical skills.
Ability to step back for cross-organization context or to pivot to specific, detailed technology and/or risk review.
This is a full-time permanent role that can be worked out of a number of office locations including Toronto and Waterloo, ON and Boston, MA.
If you are ready to unleash your potential, it’s time to start your career with Manulife/John Hancock.
Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2019, we had more than 35,000 employees, over 98,000 agents, and thousands of distribution partners, serving almost 30 million customers. As of March 31, 2020, we had $1.2 trillion (US$0.8 trillion) in assets under management and administration, and in the previous 12 months we made $30.4 billion in payments to our customers. Our principal operations are in Asia, Canada and the United States where we have served customers for more than 155 years. We trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.
Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.