John Hancock Security Architect in Boston, Massachusetts

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference and a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Seeking high energy, self-starter to join as a Security Architect in Divisional Engineering Team. The Security Architect, will be knowledgeable in many domains of security, will take the lead in defining application and information security strategy, engineering solutions and managing roadmaps. The role will partner with IRM and platform services in defining and implementing divisional security standards and guidelines. Working with BU development teams on various IAM related projects, vendor solution upgrades and leading POCs will be key focus areas of this role

Key Responsibilities

  • Work closely with BU development teams to accelerate IAM integration efforts by leveraging expert knowledge in ISAM tool.

  • Participate in defining reference security architecture for the division and take lead in implementation efforts.

  • Interact with divisional and global IRM team to help them define IAM standard and guidelines.

  • Engage with security industry vendors and divisional and global teams to evaluate new products and solutions, including security system upgrades

  • Serve as an internal information security advisor and subject matter expert to the organization and on various projects, ensuring that common architecture decisions are implemented consistently across business and IT.

  • Stays current in the latest information and application security knowledge, including new and emerging threats and vulnerabilities.


  • Bachelor’s degree in Computer Science or equivalent work experience, Master’s degree is a plus

  • 7-10 years’ work experience, 2-3 years of defining and implementing enterprise security architecture

  • Prior working experience with financial services industry or banking is a plus

Technical Skills

  • Expert knowledge of IBM Identity and Access Management Tools (ISAM, TAM, TDI etc.) is must.

  • Knowledge of security industry standards and best practices – NIST, CSA, CIS etc.

  • Expert knowledge of protocols underpinning the web - TCP/IP, HTTP, SSL/TLS, BGP, cybersecurity concepts covering network through application layers

  • Experience in the design and deployment of end user web access and control infrastructure

  • Experience securing mobile applications, how security is managed on Android, iOS and Windows mobile platforms.

  • Experience with virtual and cloud environments and various security protocols.

  • Understanding of Identity As A Service, SOA and API development and management concepts.

  • Understanding of security platforms, Proxy, End Point Protection, Web Application Firewall, Intrusion Prevention, Vulnerability Scanning, File Integrity Management, IAM Solutions

  • Understanding of enterprise infrastructure components – DNS, AD, Radius, Kerberos and PKI Management.

  • Expertise in Windows, Mac and/or Linux platforms.

  • Expertise in Programming language – Java or .Net

  • Scripting experience with JavaScript, Perl, Python, Powershell etc.

  • Expertise in Databases, Middleware, Application Server

  • Experience with penetration testing and vulnerability scanning tools

Other skills

  • Tech savvy, strong analytical and problem solving skills, specifically the ability to navigate multiple complex systems simultaneously to respond to client inquiries

  • Excellent organizational and time management skills; ability to manage multiple priorities

  • Demonstrated skills, capabilities and experience in a consulting role, negotiating and relationship-building,

  • Strong communication skills - verbal, written and presentation; ability to adapt content to various audiences and communicate effectively at various levels of the organization.

  • Must be willing to take direction and work collectively within the team and/or independently with minimal supervision, with strong sense of ownership and accountability.

About John Hancock Financial and Manulife

John Hancock is a division of Manulife, a leading Canada-based financial services group with principal operations in Asia, Canada and the United States. Operating as Manulife in Canada and Asia, and primarily as John Hancock in the United States, our group of companies offers clients a diverse range of financial protection products and wealth management services through its extensive network of employees, agents and distribution partners. Assets under management and administration by Manulife and its subsidiaries were $1 trillion (US $754 billion) as at March 31, 2017. Manulife Financial Corporation trades as 'MFC' on the TSX, NYSE and PSE, and under '945' on the SEHK. Manulife can be found on the Internet at

The John Hancock unit, through its insurance companies, comprises one of the largest life insurers in the United States. John Hancock offers and administers a broad range of financial products, including life insurance, annuities, investments, 401(k) plans, long-term care insurance, college savings, and other forms of business insurance. Additional information about John Hancock may be found at



Organization: *US Division IT

Title: Security Architect

Location: MA-Boston

Requisition ID: 1707122