Information Security Consultant

As a Business Unit Security Officer (BUSO) within the Information Risk Management team under Global Wealth Asset Management (GWAM) Information Technology First Line of Defense, you will play a critical role in safeguarding the organization’s IT environment. This role involves conducting risk assessments for new and existing applications, infrastructure, and platforms—both on premises and cloud-based. You will be responsible for identifying threats, evaluating their potential impact, validating appropriate protection measures, providing security advisory to stakeholders, and leading cross-functional collaboration to address complex information risk concerns.

Position Responsibilities: 

• Perform information risk assessments in compliance with the global Information Risk Assessment methodology, policies, and standards.
• Ensure each completed information risk assessment is peer-reviewed and communicated to various stakeholders.
• Develop and enhance security requirements for DevOps environments and collaborate with developers, engineers, and support teams to help implement those requirements in applications, CI/CD pipelines, container workloads, etc.
• Provide training and advise key stakeholders on requirements, processes, standards, and best practices around information security and risk management.
• Respond to audits, second line of defense review, regulatory reviews, risk and control self-assessments.
• Lead and facilitate cross-functional discussions to resolve information risk concerns, ensuring alignment with company standards across technology, business, and risk stakeholders.
• Provide ad-hoc support for ServiceNow (SNOW) request handling, including reviewing and approving firewall and security group requests when required.
• Track and manage identified information risk issues and associated corrective action plans (CAPs), ensuring timely resolution and closure in alignment with governance requirements.
• Candidate must be flexible to work in the morning or in a hybrid environment, as required.

Required Qualifications:

• Experience in application security including secure software assessment tools like SAST, DAST, SCA, IAST, RASP, etc. or similar areas.

• IT risk management experience in areas such as vendor risk management, project risk management, IT audit, or IT controls assessment.
• Strong Knowledge of security controls, frameworks, regulatory requirements and standards, concepts (e.g. ISO 270XX, MAS, etc.), and industry best practices (e.g. OWASP, CSA, CIS).
• Post-secondary education in information security, computer science, information technology, software engineering, or equivalent professional education.
• Strong communication, presentation, time management, and facilitation skills to all levels and audiences.
• Knowledgeable in AKS, Azure, AI Foundry and GitHub
• Exceptional attention to detail, ensuring accuracy and completeness in risk documentation and issue tracking.
• Strong interpersonal and collaboration skills to effectively engage with diverse teams and stakeholders
• Problem solving, analytical, and innovative mindset.
• A team player who can also work independently.

Preferred Qualifications:

• Experience with container orchestration, infrastructure as code, scripting and coding languages (e.g. Terraform, Bash, PowerShell, Python) is an asset.
• Relevant professional certifications (e.g. CISSP, CCSP, CRISC, etc.) is an asset.
• Understanding of Generative AI (GenAI) concepts and practical applications.
• Experience using tools like Power Automate and Copilot Studio to develop solutions that enhance work efficiency and automate tasks.

When you join our team:

• We’ll empower you to learn and grow the career you want. 

• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words. 

• As part of our global team, we’ll support you in shaping the future you want to see.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.

Hybrid