Vice President of Cyber Defense Strategy and Resiliency

Manulife is at the forefront of cybersecurity innovation, safeguarding critical assets with a sophisticated security program. We are seeking a visionary leader to fill the role of Vice President of Cyber Defense Strategy and Resiliency. This executive position is pivotal in shaping the strategic direction of our application security initiatives across all global operations and business lines.

As the Vice President of Cyber Defense Strategy and Resiliency, you will spearhead the development and execution of an enterprise-wide security strategy, ensuring robust protection of our digital infrastructure against evolving threats. Your leadership will drive the integration of security policies into the software development lifecycle, ensuring compliance with regulatory mandates and adherence to industry best practices. Your role will be instrumental in balancing security resilience with business innovation, particularly in the realms of GenAI and AI technologies.

This executive role demands a visionary leader who can drive innovation and resilience in Manulife's cybersecurity posture, ensuring the protection of our global assets while enabling transformative business growth.

Responsibilities:

Global Security Strategy and Implementation:

• Lead the strategic direction of our Vulnerability Management and Application Security programs, ensuring alignment with our global business objectives

• Collaborate with business units to tailor security controls to specific threat landscapes, driving maturity and resilience across teams and services.

• Maintain a security roadmap that aligns with both cyber and business strategies, meeting regulatory and compliance requirements.

• Present to the executive teams across the globe on the current security posture and identify systemic issues.

Security Leadership:

• Mature the existing operating model to provide centralized security services for the identification, assessment and risk-based prioritization of all vulnerabilities.

• Cultivate and lead a high-performing team of cybersecurity experts, fostering a culture of continuous improvement and proactive security measures.

• Drive intelligent remediation through engineering excellence and runtime enforcement, minimizing risk exposure and enhancing security maturity.

• Develop a proactive approach through tools, processes and people to drive a culture of continuous improvement

• Collaborate with segment partners to integrate security controls into DevSecOps and security SDLC practices aligned with industry standards and best practices (OWASP, NIST).

GenAI, AI, Data Security, and Analytics:

• Lead the design and implementation of AI-driven solutions for automated vulnerability detection, prioritization, and remediation.

• Oversee the integration of predictive analytics to forecast emerging threats and vulnerabilities.

• Implement AI-powered anomaly detection for real-time monitoring of applications and infrastructure vulnerabilities and gaps.

• Develop automated response frameworks that leverage AI to identify high-impact vulnerabilities and recommend context-aware remediation paths that align with business priorities.

• Leverage AI-powered solutions based on different CI/CD pipelines used across the organization to enable automated remediation and reporting of vulnerabilities.

• Provide expert guidance and support to business units leveraging AI and GenAI technologies, ensuring that security considerations are effectively integrated into their initiatives

Regulatory Compliance, Governance, and Stakeholder Management:

• Ensure alignment with OSFI and other regulatory frameworks, delivering executive-level insights to the Board and Senior Management.

• Ensure segment-level OKRs are aligned with enterprise goals for security awareness and remediation acceleration.

• Collaborate with Line 1b, Line 2, and Internal Audit teams on security governance matters.

• Work with segment partners to implement appropriate security controls that align with audit, regulatory and compliance requirements.

Security Resilience:

• Drive the integration of security resilience principles and practices into Application security and vulnerability management practices.

• Develop risk-based prioritization for the patching, remediation and protection of critical assets and processes to drive and support their resilience.

• Work with Security Operations teams to ensure that incident response and recovery processes are designed to minimize the impact of security incidents on business operations and maintain the organization's resilience.

• Continuously monitor and assess the organization's security resilience and make recommendations for improvement based on industry’s best practices and emerging threats.

Individual Responsibilities:

• Lead and design cybersecurity solutions for large and complex programs and products.

• Develop strong cross-functional partnerships and provide clear, risk-based reporting to stakeholders.

• Influence stakeholders across the organization to drive maturity and improve security posture.

• Spearhead Application security & Vulnerability management controls globally and enable segments to implement solutions to meet their business needs.

• Provide cybersecurity leadership and strategic vision across the organization and in external forums.

• Leads highly visible multi-disciplinary project teams or initiatives with organizational wide risk and provides thought leadership.

• Proactively identifies and solves the most complex problems, uses game-changing methods to think beyond existing solutions.

• Drives communication of complex business and technical ideas that have an impact on Manulife’s strategic business direction.

Shared Responsibilities:

• Work with Line 2 (Risk) and Line 3 (Audit) to support any assessments

• Work with regulatory and compliance functions to address asks from regulators in various markets

• Participate in industry events to both showcase Manulife’s capabilities as well as build connectivity in the Canadian, USA and other markets

• Work with the GCS leadership to provide clear roadmaps, metrics and operational reporting to segment and other partners.

Preferred Qualifications:

• Strategic and Risk Management: Proven ability to develop long-term strategies aligned with organizational goals, prioritizing vulnerabilities effectively.

• Influence and Collaboration: Strong communication and collaboration skills to engage with global teams and influence security initiatives.

• Educational and Certification Requirements: Master’s degree in relevant fields and CISSP certification required; additional certifications preferred.

• Industry Leadership: Recognized thought leader with experience in managing large teams and influencing industry standards.

• Presentation Skill: Proficient in articulating complex concepts to diverse leadership levels through compelling storytelling and a clear, accessible communication style.

• Technical and Cybersecurity Expertise: Deep understanding of vulnerability management, security technologies, and evolving threats.

• Regulatory and Compliance: Knowledge of cybersecurity legislation and regulations, ensuring compliance and risk mitigation.

• Continuous Monitoring and Innovation: Commitment to continuous improvement through AI and machine learning to enhance security measures.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact [email protected].

Referenced Salary Location

Salary range is expected to be between

If you are applying for this role outside of the primary location, please contact [email protected] for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact [email protected] for more information about U.S.-specific paid time off provisions.