Senior Cybersecurity Specialist

We are seeking an expert Senior Cybersecurity Specialist to strengthen our Cyber, Security, Risk & Controls (CSRC) organization. In this role, you will help establish and maintain cybersecurity governance frameworks, assess emerging threats, evaluate vulnerabilities, and ensure compliance with organizational standards and regulatory requirements. You will work closely with engineering, product, and risk partners to guide secure development practices and improve our overall security posture.

This position is essential to maintaining continuity in our cybersecurity operations following the departure of the previous role holder.

• Support the development, implementation, and continuous improvement of cybersecurity governance frameworks, risk methodologies, and compliance processes.
• Conduct penetration testing, code scanning, threat modeling, vulnerability assessments, and prioritize remediation based on risk levels and business impacts.
• Configure, validate, and optimize SAST, DAST, and SCA tools (e.g., Veracode, Snyk, Sonar Qube, Burp Suite) to ensure high‑quality results and actionable insights.
• Lead security assessment intake, triage, documentation, and reporting activities, collaborating with technical teams to implement corrective actions.
• Communicate risk findings, governance improvements, KPIs, and KRIs to senior leaders, and contribute to executive‑level dashboards and risk reporting.

• Strong understanding of information security controls, vulnerability management, and risk management frameworks such as NIST CSF and ISO 27001/27002.
• Proficiency with security tools including SIEM, IDS/IPS, endpoint protection, vulnerability scanners, and application security testing platforms.
• Experience with cybersecurity assessment frameworks (OWASP, PTES, OSSTM) and penetration testing techniques.
• Strong analytical and reporting skills, including experience with data visualization tools (Power BI, Tableau).
• Excellent written and verbal communication skills, with the ability to convey risks and recommendations to both technical and business stakeholders.

• Industry‑recognized cybersecurity certifications such as CISSP, CSSLP, OSCP, or equivalent.
• Experience with Service Now Security Operations, Archer GRC, and cloud security (Azure, AWS).
• Knowledge of regulatory requirements related to cybersecurity and technology risk management.
• Ability to collaborate effectively in Agile/Dev Ops environments with cross‑functional teams.
• Experience developing executive dashboards, KPIs, and KRIs for cybersecurity and risk reporting.

• • We’ll empower you to learn and grow the career you want.
• • We’ll recognize and support you in a flexible environment where well‑being and inclusion are more than just words.
• • As part of our global team, we’ll support you in shaping the future you want to see.

マニュライフ・ファイナンシャル・コーポレーションは、「あなたの未来に、わかりやすさを」を提供する、国際的な大手金融サービスプロバイダーです。当社について詳しくは、 をご覧ください。

マニュライフ/ジョン・ハンコックでは、多様性を受け入れます。私たちは、サービス提供先であるお客さまと同様に、多様な人材を引きつけ、育成し、定着させ、文化や個人の力を受け入れる包括的な職場環境を促進するよう努めています。当社は公正な採用、定着、昇進、報酬に努めています。当社のすべての慣行およびプログラムは、人種、祖先、出身地、肌の色、民族的出自、市民権、宗教または宗教的信念、信条、性別（妊娠および妊娠関連の状態を含む）、性的指向、遺伝的特徴、退役軍人としての地位、性自認、性に関する表明、年齢、婚姻状況、家族状況、障害、または適用法で保護されるその他の要因に対する一切の差別を行うことなく管理されます。

雇用への平等なアクセスを提供するために、障壁を取り除くことが当社の優先事項です。人事担当者は、応募者が応募プロセス中に合理的配慮を要求する場合に協力します。配慮要求のプロセス中に共有されるすべての情報は、適用される法律およびマニュライフ/ジョン・ハンコックのポリシーに準拠した方法で保存および使用されま…