We'll empower you to learn and grow the career you want.
We'll recognize and support you in a flexible environment where well‑being and inclusion are more than just words.
As part of our global team, we'll support you in shaping the future you want to see.
The role being advertised is an existing vacancy.
About Manulife and John Hancock
Manulife Financial Corporation is a leading international financial services provider, helping people make their decisions easier and lives better. To learn more about us, visit https://www.manulife.com/en/about/our-story.html .
Manulife is an Equ
Benefits
Flexible schedule
Additional Information
Manulife is a leading international financial services provider, helping people make decisions easier and lives better. Help shape the future you want to see - and discover that better can take you anywhere you want to go.
We are seeking an experienced Senior Application Security Specialist to join our team. The successful candidate will play a critical role in establishing and maintaining our security and risk governance frameworks. This role involves monitoring threats, assessing vulnerabilities, and ensuring compliance with the organization's standards and regulatory requirements.
Position Responsibilities
Perform code scanning, validation, tuning, and optimization using SAST, DAST, and SCA tools (e.g., Snyk, Burp Suite, SonarQube, Veracode, and Checkmarx) to ensure accurate, prioritized, and actionable remediation results.
Conduct penetration testing, code scanning, secrets management (GitGuardian), and threat modeling for business applications to determine risk ratings and prioritize the vulnerabilities discovered in line with the organization's remediation timelines.
Execute intake, triage, analysis, and reporting procedures for security assessments.
Experience working with code repositories such as GitHub and with CI/CD pipelines in Azure DevOps.
Coordinate assessment and risk analysis activities, evaluate governance processes, and recommend improvement opportunities.
Support the establishment, development, and maintenance of risk governance frameworks, risk assessment methodologies, risk metrics reporting, and risk management compliance protocols.
Conduct vulnerability assessments and prioritize remediation activities in collaboration with stakeholders.
Document findings and collaborate with cross-functional teams to implement corrective actions.
Work closely with senior security engineers, product partners, architects, and cross‑functional teams in Agile/DevOps environments.
Communicate risk and compliance assessments and recommendations to business units and senior management.
Lead and participate in meetings to review outstanding vulnerabilities and clarify business and technical impacts.
Develop and report actionable KPIs and KRIs aligned with application security policies and standards.
Analyze cyber defense policies for compliance with regulations and organizational standards.
Lead meetings to analyze risk indicators and develop executive-level dashboards.
Maintain comprehensive documentation of governance processes and contribute to policy updates.
Stay updated on evolving cybersecurity threats and contribute to enhancing risk reporting processes.
Provide professional advice and take a lead role in process or program execution.
Be accountable for own work and contribute to setting standards through expertise in own job discipline that impacts other deliverables.
Required Qualifications
Strong understanding of information security controls, vulnerability management, and risk management frameworks (NIST CSF, ISO 27001/27002).
Experience working with cloud technologies (Azure, AWS, Ali Cloud).
Knowledge of cybersecurity principles, internal controls, and risk management tools.
Proficiency in data visualization tools (Tableau, Power BI) and statistical data analysis.
Hands‑on experience with tools such as JIRA, Confluence, and Microsoft 365.
Experience with cybersecurity assessment frameworks (PTES, OWASP, OSSTMM) and penetration testing.
Understanding of legal and regulatory requirements related to cybersecurity and IT governance.
Excellent communication skills to effectively convey risk assessments and security recommendations.
Knowledge of ticketing and tracking tools such as ServiceNow Security Operations, and of GRC systems such as Archer.
Understanding of legal and regulatory requirements related to technology risk management.
Familiarity with cybersecurity governance frameworks and their implementation.
Knowledge of statistical data analysis and reporting toolsets.
In-depth knowledge of risk assessment methodologies and risk management frameworks.
Proficiency in using risk assessment tools and software.