• Director, Cybersecurity Regulatory Compliance…

    Manulife (Boston, MA)


    The Opportunity

     

    Work location: Boston - USA

     

    Work arrangement: Hybrid - 3 days in office, 2 days from Home; Remote working arrangement is not available;

     

    As Director of Cybersecurity Compliance Program (CCP) for John Hancock, you will be a critical part of the Cybersecurity, Resilience & Governance leadership team, reporting directly to the John Hancock Chief Information Security Officer (CISO) as the CCP Program manager. You will be responsible for all cybersecurity regulatory compliance activities carried out for our Life Insurance, Long-Term Care, Annuities, and High Net Worth lines of business. You will also develop and maintain collaborative working relationships with other lines of business and global teams supporting multiple John Hancock legal entities for comprehensive cybersecurity regulatory compliance oversight. You will provide proactive identification and management of compliance issues, support the John Hancock CISO with annual board reporting, and be the primary point of contact for our Legal and Compliance departments on all cybersecurity regulatory compliance matters.

     

    This role offers you the opportunity to lead and influence in a function that continues to grow and mature in our company. You will work closely and regularly with many cross-functional teams including local and global IT and security teams, Distributions, Procurement, Human Resources, Risk, Audit, Privacy, Legal, and Compliance, as well as external parties. You will build and develop your risk and compliance analytical skills and will have regular opportunities to present to and advise executive management across multiple functions locally and globally.

    Duties & Responsibilities

    + Develop and deliver on the John Hancock Cybersecurity Regulatory Compliance Program strategy, operating model, and execution plans.

    + Maintain ongoing knowledge and understanding of applicable regulatory and industry requirements and provide subject matter expertise on new and changing laws and regulations.

    + Advise subject matter experts on applicable regulatory and industry requirements, identify compliance issues, and help develop corrective action plans where needed.

    + Collaborate with other Cybersecurity, Resilience & Governance leads to collectively monitor and maintain effective cybersecurity operations and technical controls.

    + Report on cybersecurity regulatory compliance initiatives, posture, and key areas of risk to senior and executive leadership, and provide close support to the CISO on annual board reporting.

    + Lead and manage cybersecurity due diligence for our US distribution partners (agents and producers).

    + Lead and coordinate responses for all external inquiries (i.e. regulatory exams, client security questionnaires) on cybersecurity operations and technical controls.

    + Lead and manage the US Segment IT organization through the Information Risk Management policies and standards refresh process, ensuring key stakeholders understand proposed changes and facilitating feedback

    + Support other IT and security initiatives as needed.

    Technical Qualifications

    + Knowledge of cybersecurity laws and regulations, including HIPAA, SEC/OCIE, OSFI, NYDFS Cybersecurity Regulation and/or other state adoptions of NAIC model laws.

    + Knowledge of industry standards and cybersecurity frameworks, including ISO 27000, NIST, COBIT, COSO, and/or ITIL.

    + Experience conducting risk assessments and/or compliance reviews and applying risk management frameworks aligned with regulatory and industry requirements.

    + Experience responding to regulatory exam and audit requests, including collection, review, and submission of documentation and/or preparing subject matter experts for interviews.

    + Experience providing a service-oriented approach to managing risk and compliance with cross-functional, global, and enterprise-wide teams.

    Minimum Requirements

    + 4+ years of audit, risk, legal, and/or compliance experience. Insurance or financial industry and/or IT and information security experience preferred.

    + Bachelor’s degree or 4 additional years of related experience. Master’s degree or Juris Doctor a plus.

    + Related industry certification (e.g., CRISC, CISSP, CISA) a plus.

    + Strong time management and organizational skills.

    + Strong written and verbal communication skills.

    + Strong working knowledge of Microsoft Office tools. Experience with Archer eGRC a plus.

    ニュライフとジョン・ハンコックについて

    ニュライフ・ファイナンシャル・コーポレーションは、「あなたの未来に、わかりやすさを」を提供する、国際的な大手金融サービスプロバイダーです。当社について詳しくは、 https://www.manulife.co.jp/ lをご覧ください。

    ニュライフは機会均等を是とする雇用主です

    ニュライフ/ジョン・ハンコックでは、多様性を受け入れます。私たちは、サービス提供先であるお客さまと同様に、多様な人材を引きつけ、育成し、定着させ、文化や個人の力を受け入れる包括的な職場環境を促進するよう努めています。当社は公正な採用、定着、昇進、報酬に努めています。当社のすべての慣行およびプログラムは、人種、祖先、出身地、肌の色、民族的出自、市民権、宗教または宗教的信念、信条、性別(妊娠および妊娠関連の状態を含む)、性的指向、遺伝的特徴、退役軍人としての地位、性自認、性に関する表明、年齢、婚姻状況、家族状況、障害、または適用法で保護されるその他の要因に対する一切の差別を行うことなく管理されます。

    用への平等なアクセスを提供するために、障壁を取り除くことが当社の優先事項です。人事担当者は、応募者が応募プロセス中に合理的配慮を要求する場合に協力します。配慮要求のプロセス中に共有されるすべての情報は、適用される法律およびマニュライフ/ジョン・ハンコックのポリシーに準拠した方法で保存および使用されます。申請プロセスにおいて合理的配慮を要求するには、 [email protected] までご連絡をお願いします。

     

    Referenced Salary Location

     

    Boston, Massachusetts

    Working Arrangement

    イブリッド勤務

     

    Salary range is expected to be between

     

    $124,250.00 USD - $230,750.00 USD

     

    If you are applying for this role outside of the primary location, please contact [email protected] for the salary range for your location. The actual salary will vary depending on local market conditions, geography and relevant job-related factors such as knowledge, skills, qualifications, experience, and education/training. Employees also have the opportunity to participate in incentive programs and earn incentive compensation tied to business and individual performance.

     

    Manulife/John Hancock offers eligible employees a wide array of customizable benefits, including health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage, adoption/surrogacy and wellness benefits, and employee/family assistance plans. We also offer eligible employees various retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions) and financial education and counseling resources. Our generous paid time off program in the U.S. includes up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time (or more where required by law) each year, and we offer the full range of statutory leaves of absence.

     

    Know Your Rights (http://dol.gov/agencies/ofccp/posters?utm\_medium=email&utm\_source=govdelivery) **I** **Family & Medical Leave (https://www.dol.gov/agencies/whd/fmla/posters) I Employee Polygraph Protection (https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/eppac.pdf) I** **Right to Work (https://www.e-verify.gov/sites/default/files/everify/posters/IER\_RightToWorkPoster%20Eng\_Es.pdf) I** **E-Verify (https://e-verify.uscis.gov/web/media/resourcesContents/E-Verify\_Participation\_Poster\_ES.pdf) I** **Pay Transparency (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp\_%20English\_formattedESQA508c.pdf)**

     

    Company: John Hancock Life Insurance Company (U.S.A.)