Vice president of cyber defense strategy and resiliency

Manulife is at the forefront of cybersecurity innovation, safeguarding critical assets with a sophisticated security program. We are seeking a visionary leader to fill the role of Vice President of Cyber Defense Strategy and Resiliency. This executive position is pivotal in shaping the strategic direction of our application security initiatives across all global operations and business lines.

As the Vice President of Cyber Defense Strategy and Resiliency, you will spearhead the development and execution of an enterprise-wide security strategy, ensuring robust protection of our digital infrastructure against evolving threats. Your leadership will drive the integration of security policies into the software development lifecycle, ensuring compliance with regulatory mandates and adherence to industry best practices. Your role will be instrumental in balancing security resilience with business innovation, particularly in the realms of GenAI and AI technologies.

This executive role demands a visionary leader who can drive innovation and resilience in Manulife's cybersecurity posture, ensuring the protection of our global assets while enabling transformative business growth.

• Lead the strategic direction of our Vulnerability Management and Application Security programs, ensuring alignment with our global business objectives
• Collaborate with business units to tailor security controls to specific threat landscapes, driving maturity and resilience across teams and services.
• Maintain a security roadmap that aligns with both cyber and business strategies, meeting regulatory and compliance requirements.
• Present to the executive teams across the globe on the current security posture and identify systemic issues.

• Mature the existing operating model to provide centralized security services for the identification, assessment and risk-based prioritization of all vulnerabilities.
• Cultivate and lead a high-performing team of cybersecurity experts, fostering a culture of continuous improvement and proactive security measures.
• Drive intelligent remediation through engineering excellence and runtime enforcement, minimizing risk exposure and enhancing security maturity.
• Develop a proactive approach through tools, processes and people to drive a culture of continuous improvement
• Collaborate with segment partners to integrate security controls into Dev Sec Ops  and security SDLC practices aligned with industry standards and best practices (OWASP, NIST).

• Lead the design and implementation of AI-driven solutions for automated vulnerability detection, prioritization, and remediation.
• Oversee the integration of predictive analytics to forecast emerging threats and vulnerabilities.
• Implement AI-powered anomaly detection for real-time monitoring of applications and infrastructure vulnerabilities and gaps.
• Develop automated response frameworks that leverage AI to identify high-impact vulnerabilities and recommend context-aware remediation paths that align with business priorities.
• Leverage AI-powered solutions based on different CI/CD pipelines used across the organization to enable automated remediation and reporting of vulnerabilities.
• Provide expert guidance and support to business units leveraging AI and GenAI technologies, ensuring that security considerations are effectively integrated into their initiatives

• Ensure alignment with OSFI and other regulatory frameworks, delivering executive-level insights to the Board and Senior Management.
• Ensure segment-level OKRs are aligned with enterprise goals for security awareness and remediation acceleration.
• Collaborate with Line 1b, Line 2, and Internal Audit teams on security governance matters.
• Work with segment partners to implement appropriate security controls that align with audit, regulatory and compliance requirements.

• Drive the integration of security resilience principles and practices into Application security and vulnerability management practices.
• Develop risk-based prioritization for the patching, remediation and protection of critical assets and processes to drive and support their resilience.
• Work with Security Operations teams to ensure that incident response and recovery processes are designed to minimize the impact of security incidents on business operations and maintain the organization's resilience.
• Continuously monitor and assess the organization's security resilience and make recommendations for improvement based on industry’s best practices and emerging threats.

• Lead and design cybersecurity solutions for large and complex programs and products.
• Develop strong cross-functional partnerships and provide clear, risk-based reporting to stakeholders.
• Influence stakeholders across the organization to drive maturity and improve security posture.
• Spearhead Application security &…