Director, Cybersecurity, Resilience & Governance

We are seeking a talented individual to lead our Business Unit Security Officers (BUSOs), Business Continuity Officers, Disaster Recover officers and onboarding Managers as a key pillar in the Cybersecurity, Resilience & Governance (CRG) team. As a lead, you will help business and IT partners to recognize and manage their information risk in a dynamic business environment. You will participate in critical projects and initiatives to ensure information risk is always considered and managed appropriately.


A successful lead will serve as a trusted partner and subject expert supporting his/her teams to empower and help the business protect their information assets and intellectual property. You will help implement new technologies and tools, foster consistency through common methodologies and stay fully aligned with cybersecurity, business continuity and disaster recovery and efforts.


Office location: Boston - USA or Toronto - Canada (alternate)

Work arrangement: 3 days in office, 2 days from Home; Remote working option is not available;

Required Qualifications:

• 5+ Years of experience managing a diverse team of SME's in one or more of the following disciplines: Disaster Recovery, Business Continuity, Information Technology/Systems, Project Management, Information Risk Management, Information Security, ideally with some of that time spent in a large, complex organization.
• Strong understanding of application security (OWASP Top 10, API security, secure coding practices)
• Experience with modern authentication and identity systems (OAuth2, OIDC, SAML, service principals, workload identity)
• Knowledge of secrets management and secure credential handling (e.g., Key Vault, vault-based patterns, eliminating hardcoded secrets)
• Familiarity with cloud security architectures (Azure/AWS), including IAM, networking, and workload protection
• Some familiarity with BCM Planning tools and/or relational databases - e.g., Fusion Risk Management.
• Ability to interpret and assess security findings (e.g., Snyk, code scanning, penetration testing results) and guide remediation
• Broad understanding of application system technologies and Business Continuity/Disaster Recovery tools and techniques.
• Excellent communication skills (oral and written) including ability to develop and deliver effective user education sessions and a willingness to present to all organizational levels.
• Achievement oriented with proven project management skills and the ability to work independently and as part of a team, managing multiple priorities within tight deadlines while maintaining a professional and friendly attitude.
• Ability to work off-hours to help manage incidents or communicate with colleagues in different time zones, occasionally.
• Proven ability to build relationships, engage and influence others, and work with diverse internal and international user communities as well as vendors

• BUSO responsibilities
• Lead and improve application and operational security consulting services to IT, partners and clients
• Serve as a technical security advisor to BUSOs and business-aligned teams, elevating their ability to identify, assess, and remediate risk beyond checklist-based approaches
• Provide hands-on guidance on secure architecture design, including application, cloud, and infrastructure security patterns
• Act as an escalation point for complex security issues, including authentication, authorization, secrets management, and data protection
• Guide teams on modern identity and access patterns (OAuth2, OIDC, SAML, service-to-service authentication, workload identity, etc.)
• Provide technical oversight on cloud security (Azure/AWS) including IAM, network segmentation, and workload protection
• Translate security requirements into practical, implementable solutions aligned with business and engineering constraints
• Drive adoption of secure-by-design principles across new initiatives and onboarding efforts
• Mentor BUSOs to become more technically fluent, enabling them to act as effective security consultants to the business
• Oversee and technically validate application risk assessments, ensuring findings are grounded in real architecture, data flows, and threat models (not just control checklists)
• Maintain a high level of awareness on security issues and control objectives among all levels of business line staff
• Embrace and deploy innovative solutions to manage the information risk associated with new technology and new processes
• Identify and communicate known security control issues to business area teams and leadership, providing guidance (as necessary) and oversight to ensure timely remediation
• Provide support to other risk teams as necessary to address high priority risks
• Ensure adherence to global information security policies and standards; work with the business and technical teams to implement solutions that comply with security policies and processes
• Actively participate in your team's plans to achieve their goals, this includes goals that originate from the security team and the business. Participate in frameworks used to measure and report on progress towards the achievement of goals
• Stay current on emerging technologies, key business drivers, evolving threats and opportunities from both the business and the security team
• Collaborate with other security and risk professionals within the US segment and across the company
• Participate in divisional and global security and risk projects and initiatives as requested. Ensure business requirements and needs are considered in initiatives, projects and services.
• Ability to challenge and refine risk decisions by evaluating actual exploitability, attack paths, and compensating controls

• BC/DR responsibilities
• Manage the BCM Program - Lead, shape and deliver a practical and effective Business Continuity/Disaster Recovery program that ensures our critical applications, systems, networks and information assets are working and available whenever our business clients need them.
• Provide program oversight to ensure our partners in the Business and in IT are following best practices and remain compliant with Global Standards.
• Work with IT, Project Management colleagues and vendors to ensure systems are built with DR requirements embedded and recovery documentation is in place.
• Work with business areas to ensure recovery strategies and workarounds are documented in case of business interruption.
• Work with vendors and internal partners to provide alternate work areas for critical business processes to continue with minimal interruption in case a primary work area becomes inaccessible.
• Work collaboratively on projects and exercises that benefit the larger BCM program and organization.
• Develop, schedule and conduct BC/DR exercises in accordance with divisional goals and Global standards. Provide oversight for exercises run by the BU or IT teams themselves. Leverage Manulife's global scale and work with partners worldwide to constantly improve the exercise process and recoverability of processes and systems.
• Use communication skills to provide calm and professional crisis management during disasters or business interruptions.
• Work with incident management and other BC/DR professionals across the company in delivering and gathering timely information and providing guidance in response to disasters.
• Perform quality assurance checks of the work done by the BU's and IT to ensure they are meeting or exceeding Global standards.
• Move key elements of our program to higher levels of maturity (as measured by Capability Maturity Model) through continuous improvement of processes
• Provide advice, assistance and support to BU's, IT and other project teams in the delivery of their projects or changes to ensure BC and DR considerations are included as required by Standards.
• Work with other IRM teams to identify areas of program improvement and drive execution through special projects and general working sessions
• Embrace and deploy innovative solutions to manage the information risk associated with new technology and new processes.
• Standardize/streamline our processes and metrics
• Find, devise and deploy ways to standardize our processes not only within BCM but across IRM, ERM and ORM functions to show a holistic view of Information Risk
• Automate the production of metrics and continue to move them to quantitative measures

• Onboarding Responsibilities
• Collaborate with multiple levels and facets of internal Agile business teams to review and triage Agile business outcome-based road maps to identify level of risk associated and resulting risk mitigation actions.
• Participate in Agile ceremonies (Delivery Increment planning sessions, sync meetings and other key ceremonies, demos, etc.) that Business teams hold to ensure full understanding of business drivers / outcomes / shifts in direction.
• Facilitate discussions amongst the CRG team members, sharing Business outcome roadmaps and triage script outcomes on a regular basis
• Act as a change agent and customer relationship manager to the IT community on behalf of CRG.
• Collaborate with the Second Line of Defense Risk teams for highest risk initiatives to ensure Line 1 information is readily available for management assurance review.
• Be part of an active team who remains current on emerging risks and technologies, key developments and strategies for the businesses you support. Stay informed on emerging technologies, key business drivers, evolving threats and opportunities from both the business and CRG

Preferred Qualifications:

• Financial Services industry experience
• Professional certification in BCM - ABCP, CBCP, MBCI or MBCP
• Professional certification for information security - CISSP, CISA, CISM, CRISC, GIAC
• Solid understanding of Generative AI foundations, principles and tools
• The ability to work both independently and as part of a team, managing multiple priorities, people and deadlines

When you join our team:

• We'll empower you to learn and grow the career you want.
• We'll recognize and support you in a flexible environment where well-being and inclusion are
• more than just words.
• As part of our global team, we'll support you in shaping the future you want to see

This job description is not a comprehensive listing of all job duties required for this role. We reserve the right to change these duties or assign additional duties at any time with or without notice.

#LI-JH

The role being advertised is an existing vacancy.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact View email address on click.appcast.io.

Referenced Salary Location
Boston, Massachusetts

Working Arrangement

Hybrid

Salary range is expected to be between
$127,330.00 USD - $236,470.00 USD

Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. If you are applying for this role outside of the primary location, please contact View email address on click.appcast.io for the salary range for your location.

Manulife/John Hancock offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in the U.S. includes up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time (or more where required by law) each year, and we offer the full range of statutory leaves of absence.

We use data and analytics technologies, such as artificial intelligence (AI), and automated processing tools, to analyze and process the information you provide to us or third parties in the application process. For more information, please refer to our personal information collection statement.

Know Your Rights I Family & Medical Leave I Employee Polygraph Protection I Right to Work I E-Verify

Company: John Hancock Life Insurance Company (U.S.A.)