Cloud Information Security Engineer

Were looking for a Cloud Information Security Engineer to join our Enterprise Technology & Services this role you are expected to be part of the team which will work with different service areas within ETS and serve as a trusted partner and domain expert to the business and help them protect their information assets. Participate in critical global projects and initiatives to ensure Information risk is always appropriately managed perform security risk assessments and consulting on various projects & implementation of tools or services. Work closely with infrastructure development application teams on implementation of security controls to ensure the integrity of information security policies procedures and standards; also report to senior management on the efficiency of such controls.

Position Responsibilities:

• Assisting project teams with identifying and validating security requirements or leading the completion of information risk assessments.
• Performing in-depth risk assessments on projects from technical security perspective to ensure that the security safeguards and controls are in-line with Manulife Security policy and standards.
• Providing input and recommendations to the ETS Service Areas on information security requirements and standard methodologies.
• Assisting with security incident investigations & service provider threat notifications.
• Support other operational security activities including oversight of ongoing security processes (e.g. incident response ad hoc queries periodic access reviews and vulnerability management)
• Help define and improve Information Security practices.
• Working with the ETS Service Areas on Go Live Acceptance Reviews for new infrastructure & services associated with that.
• Reporting on security metrics and compliance with company policies/standards.
• Take on other information risk management tasks as required.

Required Qualifications:

• 2 to 5 years of relevant information security and information risk management experience.
• Solid understanding and experience in the following areas: Security architecture and controls in various infrastructure platforms (i.e. Windows Unix RH Linux Virtual hosting networking end user technology cloud computing including Infrastructure as a Service (IaaS) Platform as a Service (PaaS) and Software as a Service (SaaS)).
• Security systems such as privilege management system SIEM/big data solution for security monitoring NAC vulnerability management solution and operating model PKI/Encryption technology APT solutions (FireEye Z-scaler) Firewall/IPS WAF etc. Knowledge of OWASP SANS or other security-related frameworks and penetration testing methodologies
• Knowledge of application security standard methodologies such as secure coding security testing techniques
• Working experience with Cloud platforms such as Azure AWS or GCP; Windows and related services (i.e. Active Directory DNS IIS MSSQL) Active Directory Federated Services and Protocols (i.e. ADFS SAML); Collaboration and messaging platforms (i.e. Office 365 SharePoint)
• Mobile Devices along with Mobile Device Management / Mobile Application Management Platforms and Services
• Validated ability to establish relationships engage and influence others and work with diverse internal and international user communities as well as vendors
• Experience implementing and/or supporting a large-scale corporate enterprise solution.
• Amenable to work on a fixed night shift schedule and work on a hybrid set-up (3x a week onsite)

Nice To Have

• Professional certification(s) related to information security or information risk management such as CISSP CRISC CISM CISA GIAC are preferred.
• Experience with FAIR or comparable quantitative risk management frameworks is a plus
• Previous experience in the Financial Insurance or Healthcare sectors considered an asset.
• A solid understanding of AI governance frameworks and relevant security standards is considered an asset.
• Ability to identify and implement AI-driven use cases and automation solutions to improve the efficiency and effectiveness of risk assessment and control validation processes.

When you join our team:

• Well empower you to learn and grow the career you want.
• Well recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team well support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer

At Manulife/John Hancock we embrace our diversity. We strive to attract develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment retention advancement and compensation and we administer all of our practices and programs without discrimination on the basis of race ancestry place of origin colour ethnic origin citizenship religion or religious beliefs creed sex (including pregnancy and pregnancy-related conditions) sexual orientation genetic characteristics veteran status gender identity gender expression age marital status family status disability or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .