Senior Analyst, Information Risk & Application Security

Are you looking for a supportive, collaborative workplace with great teams and inspiring leaders? You’ve come to the right place. We’re looking for ambitious people who share our values and want to make every day better for people around the world. If this sounds like you, and the career below sounds exciting, we’d like to hear from you.
Working Arrangement
At Home

The Opportunity
This role is part the Information Risk Management team under Global Wealth Asset Management (GWAM) Information Technology First Line of Defense. The team performs information risk assessments for new and existing applications, infrastructure, and platforms, both on-premises and cloud-based. It is responsible for identification of threats, assessment of the risk these threats pose to the IT environment, and validation of the appropriate level of protection.
Key Responsibilities

• Provide training and advise key stakeholders on requirements, processes, standards, and best practices around application security and information risk management.
• In collaboration with developers, engineers, and support teams, implement and automate security controls, including those for cloud architectures and container workloads, into CI/CD pipelines.
• Assess new and existing development, testing, deployment, monitoring, and security tools within various areas and business units.
• Perform information risk assessments in compliance with the global Information Risk Assessment methodology, policies, and standards.
• Facilitate and perform threat modeling to identify applicable threats and countermeasures.
• Develop and enhance security requirements for traditional and DevOps environments.

Job Requirements (Experience/Knowledge/Skills)

• Problem solving, analytical, and innovative mindset.
• Experience with container orchestration, infrastructure as code, scripting and coding languages (e.g. Terraform, Bash, PowerShell, Python) is an asset.
• Post-secondary education in computer science, information technology, software engineering, or equivalent professional education.
• Relevant professional certifications (e.g. CISSP, CCSP, CRISC, AZ-500, etc.).
• Team-player who can also work independently.
• Strong communication, presentation, time management, and facilitation skills to all levels and audiences.
• Knowledge of security frameworks (e.g. ISO 270XX), regulatory requirements and standards (e.g. NIST, GDPR, Sarbanes-Oxley), and industry best practices (e.g. OWASP, CSA, CIS).
• Experience in application security including secure software assessment tools like SAST, DAST, SCA, IAST, RASP, etc.
• IT risk management experience in the areas such as vendor risk management, project risk management, IT audit, or IT controls assessment.
• Experience in developing and/or securing CI/CD pipelines using tools like GitHub Actions, Azure DevOps, Jenkins or similar tools.

Every career at Manulife/John Hancock provides the opportunity to learn new skills and move your career forward. Ready to make an impact somewhere? What are you waiting for? Apply today.
About John Hancock And Manulife
John Hancock is a unit of Manulife Financial Corporation, a leading international financial services group that helps people make their decisions easier and lives better. We operate primarily as John Hancock in the United States, and Manulife globally, including Canada, Asia and Europe. We provide financial advice, insurance and wealth and asset management solutions for individuals, groups and institutions. Assets under management and administration by Manulife and its subsidiaries were CAD$1.3 trillion (US$1.1 trillion) as of June 30, 2021. Manulife Financial Corporation trades as MFC on the TSX, NYSE, and PSE, and under 945 on the SEHK. Manulife can be found at manulife.com.
One of the largest life insurers in the United States, John Hancock supports more than 10 million Americans with a broad range of financial products, including life insurance, annuities, investments, 401(k) plans, and education savings plans. Additional information about John Hancock may be found at johnhancock.com.
Manulife is an Equal Opportunity Employer
At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.
It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].
Salary & Benefits
The annual base salary for this role is listed below.
Primary Location
CAN, Ontario - Full Time Remote
Salary range is expected to be between
$89,950.00 CAD - $167,050.00 CAD
If you are applying for this role outside of the primary location, please contact [email protected] for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.
Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact [email protected] for more information about U.S.-specific paid time off provisions.