Manager, Application Security

Hong Kong, Manulife Tower

Manulife

Manulife is a leading financial services group. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions.

We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today. 

Working Arrangement

Hybrid

Job Description

The opportunity

The customer is the focus of everything we do, and millions of end users rely on our products and services daily. We believe in the value of empowering our Managers, Application Security with the resources to enhance and achieve our business performance objectives for the future of our business, which is why we need you. 

This position oversees and supports the key controls governance processes within the first line of defense. We help line 1b business units to ensure uninterrupted BAU on a day-to-day basis by effectively managing their information and operational risks. To achieve this, we need to ensure success in maintaining internal controls and liaising with Manulife’s line 2b of defense, which owns Manulife control policies and standards.

What motivates you?

  • You obsess about customers, listen, engage and act for their benefit.

  • You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.

  • You thrive in teams and enjoy getting things done together.

  • You take ownership and build solutions, focusing on what matters.

  • You do what is right, work with integrity and speak up.

  • You share your humanity, helping us build a diverse and inclusive work environment for everyone.

On the job you will:

  • Take ownership of the application security portfolio, helping to drive best practices, conducting security testing (automatic, manual), creating new ways to solve security issues and implementing application security controls based on Manulife Standard and Policies;

  • Day-to-day duties include testing and validating vulnerability findings from external pentesters and from security researchers on bug bounty platforms, advising the development teams on how to resolve the vulnerabilities, and providing insights and review on architectural changes to the application;

  • Support the IT Protection program with focus on the application security domains;

  • Interact with the country's developers and AppSec champions to provide guidance, best practices and technical assistance in addressing application security issues;

  • Provide expertise that ensures key checks and balances are completed to hold the 1LoD to account;

  • Collaboratively work with application development / AppSec champions and guide them to follow the security processes set in the SDLC gates.

  • Support and provide guidance to 1LoD on risk mitigation strategies and remedial actions;

  • Work with stakeholders across the countries to promote consistent IT, Data and Application security best practices, standards and other company-wide initiatives;

  • Manage and update Key Performance Indicators (KPIs) assigned for the team;

  • Manage monthly Application Security meetings and coordinate training for development staff;

  • Manage new projects and initiatives as needs arise and perform related duties as required.

What we are looking for:

  • University graduate with a minimum of 5 years of related technology risk, application security, or information security experience

  • Understands application security vulnerabilities, different application security testing methodologies and related application security tools

  • Technical knowledge of application and Data security tools (e.g. DLP, NAC, SAST, DAST, WAF)

  • Knowledge of technologies and security concepts including, but not limited to: Diverse Hybrid Cloud Computing, Security Automation, API Security, Web Application Security Risks, Cloud security controls & technologies, source code/pen-test/vulnerability scanning tools, DevOps pipelines, Infrastructure as Code, Kubernetes and Containers;

  • Experience in planning, designing and implementing an overall risk management process for a financial organization;

  • Good communication skills and able to work with onshore and off-shore teams;

  • Past experience in a regional role is advantageous;

  • Holding CISA, CISSP, CEH and PMP qualifications is preferable;

  • Other certifications such as OSCP, OSCE, GIAC Web Application Penetration Tester (GWAPT) will be an advantage.

Core Competencies and Skills:

  • Able to effectively articulate technical vision, possibilities, and outcomes through strong verbal and written communication

  • Solid technology background and risk management sense, with an understanding of how they can impact the business

  • Knowledge of the latest technology developments and the financial services / insurance business is an advantage

  • Self-driven, able to meet objectives with a minimal amount of managerial oversight/supervision;

  • Can distil complex issues into simple reports, solutions, and designs

  • Good analytical and teamwork capabilities, and able to work independently

  • Good interpersonal communication, management and presentation skills

  • A team player who is able to interact with other control functions on project delivery

  • Proficient in English, both verbal and written; proficiency in another Asian language would be a plus

What can we offer you?

  • A competitive salary and benefits package.

  • A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.

  • A focus on growing your career path with us.

  • Flexible work policies and strong work-life balance.

  • Professional development and leadership opportunities.


Our commitment to you

  • Values-first culture
    We lead with our Values every day and bring them to life together.

  • Boundless opportunity
    We create opportunities to learn and grow at every stage of your career.

  • Continuous innovation
    We invite you to help redefine the future of financial services.

  • Delivering the promise of Diversity, Equity and Inclusion
    We foster an inclusive workplace where everyone thrives.

  • Championing Corporate Citizenship
    We build a business that benefits all stakeholders and has a positive social and environmental impact.

About Manulife and John Hancock

Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, Canada, we operate as Manulife across our offices in Asia, Canada, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, and wealth and asset management solutions for individuals, groups and institutions. At the end of 2022, we had more than 40,000 employees, over 116,000 agents, and thousands of distribution partners, serving over 34 million customers. At the end of 2022, we had $1.3 trillion (US$1.0 trillion) in assets under management and administration, including total invested assets of $0.4 trillion (US $0.3 trillion), and segregated funds net assets of $0.3 trillion (US$0.3 trillion). We trade as ‘MFC’ on the Toronto, New York, and the Philippine stock exchanges, and under ‘945’ in Hong Kong.

Manulife is an Equal Opportunity Employer

At Manulife/John Hancock, we embrace our diversity. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention, advancement and compensation, and we administer all of our practices and programs without discrimination on the basis of race, ancestry, place of origin, colour, ethnic origin, citizenship, religion or religious beliefs, creed, sex (including pregnancy and pregnancy-related conditions), sexual orientation, genetic characteristics, veteran status, gender identity, gender expression, age, marital status, family status, disability, or any other ground protected by applicable law. 

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will work with applicants who request a reasonable accommodation during the application process. All information shared during the accommodation request process will be stored and used in a manner that is consistent with applicable laws and Manulife/John Hancock policies. To request a reasonable accommodation in the application process, contact recruitment@manulife.com.

Tags: Agile APIs Application security Automation CEH CISA CISSP Cloud DAST DevOps GIAC Governance GWAPT KPIs Kubernetes OSCE OSCP Risk management SAST SDLC Vulnerabilities

Perks/benefits: Career development Competitive pay Equity / stock options Flex hours Insurance

Region: Asia/Pacific
Country: Hong Kong
