Senior Architect - Cybersecurity

Job Description:

The Senior Cybersecurity Architect is responsible for supporting projects that apply new and existing technologies and solutions to solve business needs in the cyber security space, for the US business segment. This Architect works with other architects, engineers, technical SMEs, and operational support staff both within IT and other business units to provide and maintain solutions that meet business and technical requirements.

The Architect will assist in the development of technology roadmaps and documentation; act as the subject matter expert in a variety of cyber security domains such as Identity and Access Management (IAM), SIEM integration, IR automation, etc. The Architect will maintain a solid understanding of the entire Information Security landscape. This role is a unique opportunity to join a team and company whose work will have direct impact on company direction, our customers, and our industry.

Office location: Toronto - Canada (preferred) or Boston - USA (alternative)

Work arrangement: Hybrid - 3 days in office, 2 days from Home; Remote working option is not available.

Position Responsibilities:

• Assist in the development of security strategies and implementation roadmaps centered around a Zero-Trust philosophy.

• Design security architecture for Security Operations and integration with SIEM (both in-cloud/on-prem).

• Develop and support key security solutions in the GRC, SOC, SIEM and IAM space.

• Understand complex modern and legacy integrations and business information models to ensure integrity and a strong security profile.

• Developing large enterprise solutions with respect to developing security controls, methods to mitigate security risks.

• Participate and lead conceptual, solution, and component-level architectures and associated artifacts.

• Support the evaluations of third-party suppliers, products and solutions with a focus on the security aspects of the solutions.

• Review, advise, and provide feedback on architectures produced within and outside the team.

• Develop reference architecture and reference implementation patterns related to security solutions.

• Participate in internal investigations and incident response events.

• Ability to influence security vendors to resolve issues and update roadmaps.

• Partner with other architects in IT, enterprise security and services teams in designing and maintaining modern and secure solutions.

• Research and evaluate impact of new vulnerabilities, security alerts and threat intelligence.

• Stay informed of new security technologies and solutions to assist in the on-going development of the overall security strategy.

• Build and maintain relationships with key customer's technical staff members and with internal stakeholders from IT, customer service and field operations.

• Promote a corporate culture that is committed to information security best practices.

• Participate in after-hours support as needed to respond to security incidents.

• Function with a high degree of integrity with an ability to keep information confidential.

• Be able to provide hands-on configuration and support for the projects and services you are involved in.

Required Qualifications:

• Minimum of 7+ years of relevant work experience related to cyber security.

• Experience and knowledge of security functions (AuthN, AuthZ, Transport Security, Secure Configuration, Data validation/sanitizations, security exceptions logging)

• Knowledge of Vault capabilities and Security Incident and Event management systems

• Experience with Threat modeling and secure testing methodologies.

• Experience with Cloud Native (12-Factor) Architecture and Infrastructure Patterns.

• Proficient across multiple operating systems such as Microsoft, Apple and Linux.

• Fundamental understanding of network protocols and network security concepts.

• Familiarity with Cloud (SaaS, IaaS, PaaS) environments and best practices for securing these environments with experience in Azure, AWS or GCP.

• Familiarity with incident response tools and digital forensics concepts preferred.

• Knowledge of industry frameworks such as NIST.

• Detail-oriented with strong conceptual, analytical, problem solving, decision making and planning skills.

• Must have the ability to utilize application, scripting and operating system commands to configure, debug, and monitor large scale production systems.

• Knowledge of modern software development lifecycles, including Agile and iterative development.

• Excellent written and oral communication skills; and demonstrated ability to interact with technical, non-technical, and business members of the organization.

• Ability to accurately interpret business direction and clarify technology's alignment with stakeholder needs.

Preferred qualifications:

• Bachelor’s Degree preferred, Master’s Degree a plus.

• CISSP or other security certifications are a plus.

For USA hirings, Base Salary range: $107,450 USD - $153,500 USD (mid-point) - $199,550 USD.

#LI-JH

The role being advertised is an existing vacancy.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact hr@manulife.com.

Referenced Salary Location

Salary range is expected to be between

Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. If you are applying for this role outside of the primary location, please contact hr@manulife.com for the salary range for your location.

Manulife offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in Canada includes holidays, vacation, personal, and sick days, and we offer the full range of statutory leaves of absence. If you are applying for this role in the U.S., please contact hr@manulife.com for more information about U.S.-specific paid time off provisions.

We use data and analytics technologies, such as artificial intelligence (AI), and automated processing tools, to analyze and process the information you provide to us or third parties in the application process. For more information, please refer to our personal information collection statement.