Description:
This is an exciting opportunity to lead Manulife’s Business Unit Security Officers (BUSOs) team within our First Line of Defense. Reporting to the AVP - Technology Risk Management, you will manage risk-based information security assessments for new technologies and changes to IT solutions across Group Functions Technology. In this role, you’ll help safeguard our cloud and on-premises infrastructure, platforms, and services by identifying threats, recommending controls, and ensuring compliance. You’ll gain exposure to cutting-edge security practices and play a critical role in protecting Manulife’s global operations.
Position Responsibilities
- Manage the Business Unit Security Officers team to conduct comprehensive risk assessments of technology systems, applications, and infrastructure.
- Apply security policies and standards to identify gaps and ensure compliance.
- Oversee execution of the information risk assessment program in line with global methodology.
- Review and approve application security measures during the software development lifecycle.
- Collaborate with business, engineering, and architecture teams to embed security practices into workflows.
- Provide expertise in security incident investigations and ensure timely communication of risk assessments.
- Allocate resources based on project needs and maintain integration with customer teams.
- Develop SOPs, deliver training, and manage audits and regulatory reviews.
- Report KPIs and maintain dashboards for stakeholders.
- Stay current on security trends and technologies; evaluate and enhance existing processes.
Required Qualifications
- 10+ years of experience in Information Security disciplines (network, application, IAM, vulnerability management, etc.).
- 10+ years in IT/Information Risk Management (vendor risk, project risk, audits).
- Degree in Computer Science, IT, Software Engineering, Business Administration, or equivalent experience.
- Professional certifications (e.g., CISSP, CRISC, CISM, SANS).
- Experience with security frameworks (ISO 27001, COBIT), standards (NIST), and regulations (GDPR, SOX).
Preferred Qualifications
- Strong knowledge of regulatory requirements.
- Excellent communication, consulting, and influencing skills.
- Analytical, innovative, and strategic thinker.
- Skilled in stakeholder management and alignment.
- Strong presentation and facilitation skills across all levels.