Senior Application Security Specialist

Toronto, ON
  • To be discussed
  • Published since 2 day(s)

  • 1 position to fill as soon as possible

Manulife is a leading international financial services provider, helping people make decisions easier and lives better. Help shape the future you want to see - and discover that better can take you anywhere you want to go.

We are seeking an experienced Senior Application Security Specialist to join our team. The successful candidate will play a critical role in establishing and maintaining our security and risk governance frameworks. This role involves monitoring threats, assessing vulnerabilities, and ensuring compliance with the organization’s standards and regulatory requirements.

Position Responsibilities

  • Perform code scanning, validation, tuning, and optimization using SAST, DAST, and SCA tools (e.g., Snyk, Burp Suite, SonarQube, Veracode, and Checkmarx) to ensure accurate, prioritized, and actionable remediation results.

  • Conduct penetration testing, code scanning, secrets management (GitGuardian), and threat modeling for business applications to determine risk ratings and prioritize the vulnerabilities discovered along with the organization's remediation timelines.

  • Execute intake, triage, analysis, and reporting procedures for security assessments.

  • Experience working with code repositories such as GitHub and with CI/CD pipelines in Azure DevOps.

  • Coordinate assessment and risk analysis activities, evaluate governance processes, and recommend improvement opportunities.

  • Support the establishment, development, and maintenance of risk governance frameworks, risk assessment methodologies, risk metrics reporting, and risk management compliance protocols.

  • Conduct vulnerability assessments and prioritize remediation activities in collaboration with stakeholders.

  • Document findings and collaborate with cross-functional teams to implement corrective actions.

  • Work closely with senior security engineers, product partners, architects, and cross‑functional teams in Agile/DevOps environments.

  • Communicate risk and compliance assessments and recommendations to business units and senior management.

  • Lead and participate in meetings to review outstanding vulnerabilities and clarify business and technical impacts.

  • Develop and report actionable KPIs and KRIs aligned with application security policies and standards.

  • Analyze cyber defense policies for compliance with regulations and organizational standards.

  • Lead meetings to analyze risk indicators and develop executive-level dashboards.

  • Maintain comprehensive documentation of governance processes and contribute to policy updates.

  • Stay updated on evolving cybersecurity threats and contribute to enhancing risk reporting processes.

  • Provide professional advice and take a lead role in process or program execution.

  • Be accountable for own work and contribute to setting standards through expertise in own job discipline that impacts other deliverables.

Required Qualifications

  • Strong understanding of information security controls, vulnerability management, and risk management frameworks (NIST CSF, ISO 27001/27002).

  • Experience working with cloud technologies (Azure, AWS, Ali Cloud).

  • Knowledge of cybersecurity principles, internal controls, and risk management tools.

  • Proficiency in data visualization tools (Tableau, Power BI) and statistical data analysis.

  • Hands‑on experience with tools such as JIRA, Confluence, and Microsoft 365.

  • Experience with cybersecurity assessment frameworks (PTES, OWASP, OSSTMM) and penetration testing.

  • Understanding of legal and regulatory requirements related to cybersecurity and IT governance.

  • Excellent communication skills to effectively convey risk assessments and security recommendations.

  • Knowledge of ticketing and tracking tools such as ServiceNow - Security Operations, and GRC systems like Archer.

  • Understanding of legal and regulatory requirements related to technology risk management.

  • Familiarity with cybersecurity governance frameworks and their implementation.

  • Knowledge of statistical data analysis and reporting toolsets.

  • In-depth knowledge of risk assessment methodologies and risk management frameworks.

  • Proficiency in using risk assessment tools and software.

Preferred Qualifications

  • CISSP, CSSLP, OSCP, GWAPT or equivalent industry-recognized security certifications.

    Cybersecurity, Security Monitoring

    Vulnerability Assessment, Penetration Testing

    Threat Modeling, Security Assessment, Security Testing

    Cyber Threat Intelligence

When You Join Our Team

  • We’ll empower you to learn and grow the career you want.

  • We’ll recognize and support you in a flexible environment where well‑being and inclusion are more than just words.

  • As part of our global team, we’ll support you in shaping the future you want to see.

The role being advertised is an existing vacancy.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.

Referenced Salary Location

Toronto, Ontario

Working Arrangement

Hybrid

Salary range is expected to be between

$113,000.00 CAD - $163,000.00 CAD

Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. If you are applying for this role outside of the primary location, please contact hr@manulife.com for the salary range for your location.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact hr@manulife.com for more information about U.S.-specific paid time off provisions.

We use data and analytics technologies, such as artificial intelligence (AI), and automated processing tools, to analyze and process the information you provide to us or third parties in the application process. For more information, please refer to our personal information collection statement.

