Act as technical security lead for secure development, proactive security assessments and technical initiatives with high complexity. This role will participate in key projects and initiatives, ensuring information risk is always considered and proactively assessed, and will perform technical analysis of the Bank's information security controls using open source and commercial tools.
The candidate will be hired and located at Manulife Bank’s headquarters in Waterloo, ON, reporting directly to the Technology and Security Manager. Work Smart program is available - the ability to work remotely.
- Analyze, design, modify or build application components of medium and high complexity while ensuring adherence to quality standards.
- Contribute to successful change including new ways of doing business by modeling the required behaviors
- Ensure comprehensive and appropriate documentation at all stages, with a focus on information classification, flow and control environment
- Conduct reviews as required throughout SDLC.
- Support test phases executed by Business Analysts and business representatives.
- Apply technical and business knowledge to identify, analyze and solve production problems. Provide off hours support if required.
- Keep current on development, and champion standards, technologies, and methodologies.
- Provide technical leadership on large implementations.
- Take a broad view of information security by overseeing security controls in business and technology solutions by leveraging global risk assessment processes.
- Determine security requirements by evaluating business strategies and requirements; researching information security standards; conducting system security and vulnerability analyses; supporting risk assessments; studying architecture/platform; and identifying integration issues.
- Plan, research and design robust security architectures.
- Deep technical understanding of and experience with security technologies including, but not limited to: single sign-on, active directory, multi-factor authentication, certificate management, virtualization, privilege account management, web services, event correlation, policy and standard enforcement, vulnerability and configuration management, application security.
- Reduce information risk exposures by supporting infrastructure for proactively identifying, managing, monitoring and reporting on critical information risk exposures through cyber analysis, vulnerability scans, architectural risk assessments, and penetration testing.
- Provide advice and recommendations based on value-add analysis of IT deficiencies from Audit and Risk Acceptance reports.
- Provide advisory around current and emerging technology risks and their impact to the company’s information risk profile
- Investigate, document and report on cyber security issues/events; perform threat and vulnerability analysis related to the existing system portfolio and log analysis to identify anomalies; and maintain an ongoing view into emerging threats.
- Support incident response process when an actionable incident is detected.
Knowledge & Skills:
- Strong knowledge of the cyber security threat landscape, IT security trends and offensive risk management mitigation tools and techniques.
- Strong knowledge of structured analysis and design techniques.
- Thorough understanding and practical application of analytical tools and methodologies, design concepts, programming techniques and agile methodologies.
- Proficiency programming in Enterprise Java & J2EE, C# .NET Framework; full stack developer.
- Partnering and collaborating for win-win solutions
- Information Technology/Application/Platform/Network/Cloud Based Environments, Information Risk Management, Audits, Security Solutions ideally with some of that time spent in a large and complex organization.
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Innovative problem-solving skills with the proven ability to exercise flexibility and judgment.
- Ability to learn, know and act upon what’s important to Manulife and business units. Driven by achieving defined goals.
- Proven ability to build relationships, engage and influence others, work with a diverse internal and international user community, as well as vendors.
- Strong interpersonal skills, including demonstrated ability to be sensitive and professional when communicating across geographical and cultural boundaries.
- Ability to work independently and collaboratively simultaneously, while managing multiple priorities within tight deadlines.
- Proven ability to multi-task, manage and work on tasks concurrently.
- Good interpersonal communication, management and presentation skills.
- Identifying and implementing opportunities to optimize the solutions for business and systems.
- Recognizing when assignments are deviating from established plans; determining causes and proposing solutions to management.
- Exercising influence with business partners without having managerial authority.
- Managing multiple or conflicting priorities while successfully completing assignments.
- Keeping technology and business skills current in changing environments.
- Have a deep understanding of Bank technologies, their data flows and layers of control as they relate to information and cyber security.
Education and experience required:
- Post-secondary education or 4-6 years of development or business systems analysis experience.
- At least 4-6 years of cyber security related experience, or any combination of related analysis, intelligence, investigations, penetration testing, Red Team or other relevant proactive risk management experience demonstrating equivalency.
- Desired professional certifications or designations in IT security: CISSP, CISM, CISA, CompTIA Security+, CEH, GXPN
- Knowledge of the MITRE ATT&CK framework is an asset.