Director, Cybersecurity, Resilience & Governance

Manulife


Job Location:

Boston, NH - USA

Monthly Salary: Not Disclosed
Posted on: 22 hours ago
Vacancies: 1 Vacancy

Job Summary

We are seeking a talented individual to lead our Business Unit Security Officers (BUSOs), Business Continuity Officers, Disaster Recovery Officers and Onboarding Managers as a key pillar in the Cybersecurity, Resilience & Governance (CRG) team. As a lead, you will help business and IT partners to recognize and manage their information risk in a dynamic business. You will participate in critical projects and initiatives to ensure information risk is always considered and managed appropriately.

A successful lead will serve as a trusted partner and subject expert, supporting his/her teams to empower and help the business protect their information assets and intellectual property. You will help implement new technologies and tools, foster consistency through common methodologies, and stay fully aligned with cybersecurity, business continuity and disaster recovery efforts.

Office location: Boston - USA or Toronto - Canada (alternate)

Work arrangement: 3 days in office, 2 days from home; remote working option is not available.

    Required Qualifications:

    • 5 years of experience managing a diverse team of SMEs in one or more of the following disciplines: Disaster Recovery, Business Continuity, Information Technology/Systems, Project Management, Information Risk Management, Information Security, ideally with some of that time spent in a large, complex organization.

    • Strong understanding of application security (OWASP Top 10, API security, secure coding practices)

    • Experience with modern authentication and identity systems (OAuth2, OIDC, SAML, service principals, workload identity)

    • Knowledge of secrets management and secure credential handling (e.g. Key Vault, vault-based patterns, eliminating hardcoded secrets)

    • Familiarity with cloud security architectures (Azure/AWS), including IAM, networking and workload protection

    • Some familiarity with BCM planning tools and/or relational databases, e.g. Fusion Risk Management.

    • Ability to interpret and assess security findings (e.g. Snyk code scanning, penetration testing results) and guide remediation

    • Broad understanding of application system technologies and Business Continuity/Disaster Recovery tools and techniques.

    • Excellent communication skills (oral and written), including ability to develop and deliver effective user education sessions and a willingness to present to all organizational levels.

    • Achievement-oriented, with proven project management skills and the ability to work independently and as part of a team, managing multiple priorities within tight deadlines while maintaining a professional and friendly attitude.

    • Ability to work off-hours to help manage incidents or communicate with colleagues in different time zones occasionally.

    • Proven ability to build relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors

    • BUSO responsibilities

    • Lead and improve application and operational security consulting services to IT partners and clients

    • Serve as a technical security advisor to BUSOs and business-aligned teams, elevating their ability to identify, assess and remediate risk beyond checklist-based approaches

    • Provide hands-on guidance on secure architecture design, including application, cloud and infrastructure security patterns

    • Act as an escalation point for complex security issues, including authentication, authorization, secrets management and data protection

    • Guide teams on modern identity and access patterns (OAuth2, OIDC, SAML, service-to-service authentication, workload identity, etc.)

    • Provide technical oversight on cloud security (Azure/AWS), including IAM, network segmentation and workload protection

    • Translate security requirements into practical, implementable solutions aligned with business and engineering constraints

    • Drive adoption of secure-by-design principles across new initiatives and onboarding efforts

    • Mentor BUSOs to become more technically fluent, enabling them to act as effective security consultants to the business

    • Oversee and technically validate application risk assessments, ensuring findings are grounded in real architecture, data flows and threat models (not just control checklists)

    • Maintain a high level of awareness on security issues and control objectives among all levels of business line staff

    • Embrace and deploy innovative solutions to manage the information risk associated with new technology and new processes

    • Identify and communicate known security control issues to business area teams and leadership, providing guidance (as necessary) and oversight to ensure timely remediation

    • Provide support to other risk teams as necessary to address high priority risks

    • Ensure adherence to global information security policies and standards; work with the business and technical teams to implement solutions that comply with security policies and processes

    • Actively participate in your team's plans to achieve their goals; this includes goals that originate from the security team and the business. Participate in frameworks used to measure and report on progress towards the achievement of goals

    • Stay current on emerging technologies, key business drivers, evolving threats and opportunities from both the business and the security team

    • Collaborate with other security and risk professionals within the US segment and across the company

    • Participate in divisional and global security and risk projects and initiatives as requested. Ensure business requirements and needs are considered in initiatives, projects and services.

    • Ability to challenge and refine risk decisions by evaluating actual exploitability, attack paths and compensating controls

    • BC/DR responsibilities

    • Manage the BCM Program - Lead, shape and deliver a practical and effective Business Continuity/Disaster Recovery program that ensures our critical applications, systems, networks and information assets are working and available whenever our business clients need them.

    • Provide program oversight to ensure our partners in the Business and in IT are following best practices and remain compliant with Global Standards.

    • Work with IT Project Management colleagues and vendors to ensure systems are built with DR requirements embedded and recovery documentation is in place.

    • Work with business areas to ensure recovery strategies and workarounds are documented in case of business interruption.

    • Work with vendors and internal partners to provide alternate work areas for critical business processes to continue with minimal interruption in case a primary work area becomes inaccessible.

    • Work collaboratively on projects and exercises that benefit the larger BCM program and organization.

    • Develop, schedule and conduct BC/DR exercises in accordance with divisional goals and Global standards. Provide oversight for exercises run by the BU or IT teams themselves. Leverage Manulife's global scale and work with partners worldwide to constantly improve the exercise process and recoverability of processes and systems.

    • Use communication skills to provide calm and professional crisis management during disasters or business interruptions.

    • Work with incident management and other BC/DR professionals across the company in delivering and gathering timely information and providing guidance in response to disasters.

    • Perform quality assurance checks of the work done by the BUs and IT to ensure they are meeting or exceeding Global standards.

    • Move key elements of our program to higher levels of maturity (as measured by Capability Maturity Model) through continuous improvement of processes

    • Provide advice, assistance and support to BUs, IT and other project teams in the delivery of their projects or changes to ensure BC and DR considerations are included as required by Standards.

    • Work with other IRM teams to identify areas of program improvement and drive execution through special projects and general working sessions

    • Embrace and deploy innovative solutions to manage the information risk associated with new technology and new processes.

    • Standardize/streamline our processes and metrics

    • Find, devise and deploy ways to standardize our processes not only within BCM but across IRM, ERM and ORM functions to show a holistic view of Information Risk

    • Automate the production of metrics and continue to move them to quantitative measures

    • Onboarding Responsibilities

    • Collaborate with multiple levels and facets of internal Agile business teams to review and triage Agile business outcome-based road maps to identify level of risk associated and resulting risk mitigation actions.

    • Participate in Agile ceremonies (Delivery Increment planning sessions, sync meetings and other key ceremonies, demos, etc.) that Business teams hold to ensure full understanding of business drivers/outcomes / shifts in direction.

    • Facilitate discussions amongst the CRG team members, sharing Business outcome roadmaps and triage script outcomes on a regular basis

    • Act as a change agent and customer relationship manager to the IT community on behalf of CRG.

    • Collaborate with the Second Line of Defense Risk teams for highest risk initiatives to ensure Line 1 information is readily available for management assurance review.

    • Be part of an active team who remains current on emerging risks and technologies, key developments and strategies for the businesses you support. Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and CRG

    Preferred Qualifications:

    • Financial Services industry experience

    • Professional certification in BCM: ABCP, CBCP, MBCI or MBCP

    • Professional certification for information security: CISSP, CISA, CISM, CRISC, GIAC

    • Solid understanding of Generative AI foundations, principles and tools

    • The ability to work both independently and as part of a team, managing multiple priorities, people and deadlines

    When you join our team:

    • We'll empower you to learn and grow the career you want.

    • We'll recognize and support you in a flexible environment where well-being and inclusion are more than just words.

    • As part of our global team, we'll support you in shaping the future you want to see

    This job description is not a comprehensive listing of all job duties required for this role. We reserve the right to change these duties or assign additional duties at any time with or without notice.


    The role being advertised is an existing vacancy.

    About Manulife and John Hancock

    Manulife Financial Corporation is a leading international financial services provider helping people make their decisions easier and lives better. To learn more about us visit is an Equal Opportunity Employer

    At Manulife/John Hancock we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

    It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process contact .

    Referenced Salary Location

    Boston Massachusetts

    Working Arrangement

    Hybrid

    Salary range is expected to be between

    $127,330.00 USD - $236,470.00 USD

    Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience and education/training. If you are applying for this role outside of the primary location, please contact for the salary range for your location.

    Manulife/John Hancock offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in the U.S. includes up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time (or more where required by law) each year, and we offer the full range of statutory leaves of absence.

    We use data and analytics technologies such as artificial intelligence (AI) and automated processing tools to analyze and process the information you provide to us or third parties in the application process. For more information please refer to our personal information collection statement.


    Company: John Hancock Life Insurance Company (U.S.A.)

    Required Experience:

    Director


    About Company


    Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.
