Cybersecurity Regulatory Compliance Analyst

Manulife Boston, MA 02298

Posted 2 months ago

Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference, within a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.

Job Description

If you are passionate about Cyber Security, this opportunity might be for you!

We are looking for an Analyst to be part of the John Hancock Cybersecurity Regulatory Compliance Program. In this role, you will provide support to the program Lead. You will be responsible for assisting with all program activities as well as developing collaborative working relationships with business unit IT teams and global teams supporting John Hancock business units.

You will proactively identify and handle cybersecurity regulatory compliance issues and support business units for all related matters.

If you are interested in deepening your experience in Compliance and helping us strengthen our program, let's talk!

Duties & Responsibilities

  • Assist in delivering our cyber strategy, operating model, and execution plans.

  • Assist in assessing cybersecurity operations and technical control environments against regulatory and industry requirements to identify compliance issues and help develop corrective action plans.

  • Assist in monitoring and maintaining effective cybersecurity operations and technical control environments in accordance with regulatory and industry requirements.

  • Assist in delivering regular reporting on cybersecurity operations and technical control environments, ongoing compliance initiatives, and key areas of risk to executive- and board-level management.

  • Assist in leading and coordinating regulatory exams and other reviews of cybersecurity operations and technical control environments.

  • Maintain an ongoing knowledge and understanding of applicable regulatory and industry requirements.

  • Support other business unit IT and security initiatives as needed.

Technical Qualifications

  • Knowledge of cybersecurity laws and regulations, including HIPAA, SEC/OCIE, CFTC/NFA, OSFI, NYDFS Cybersecurity Regulation and other state adoptions of NAIC model laws.

  • Knowledge of industry standards and cybersecurity frameworks, including ISO 27000, NIST, COBIT, COSO, and ITIL.

  • Experience conducting risk assessments and compliance reviews and applying risk management frameworks aligned with regulatory and industry requirements.

  • Experience responding to regulatory exam and audit requests, including collection, review, and submission of documentation and other supporting materials.

  • Experience providing a service-oriented approach to managing risk and compliance with cross-functional and enterprise-wide teams.

Minimum Requirements

  • Bachelor's degree or 4 additional years of related experience. Master's degree or Juris Doctor a plus.

  • Audit, risk, legal, or compliance experience. Insurance/financial industry and IT/information security experience a plus.

  • Related industry certification (e.g., CRISC, CISSP, CISA) a plus.

  • Strong time management and organizational skills.

  • Strong written and verbal communication skills.

  • Strong working knowledge of Microsoft Office tools. Experience with Archer eGRC a plus.

If you are ready to unleash your potential, it's time to start your career with Manulife/John Hancock.

About Manulife

Manulife Financial Corporation is a leading international financial services group that helps people make their decisions easier and lives better. With our global headquarters in Toronto, we operate as Manulife across our offices in Canada, Asia, and Europe, and primarily as John Hancock in the United States. We provide financial advice, insurance, as well as wealth and asset management solutions for individuals, groups and institutions. At the end of 2018, we had more than 34,000 employees, over 82,000 agents, and thousands of distribution partners, serving almost 28 million customers. As of September 30, 2019, we had over $1.2 trillion (US$881 billion) in assets under management and administration, and in the previous 12 months we made $29.8 billion in payments to our customers.

Our principal operations in Asia, Canada and the United States are where we have served customers for more than 100 years. We trade as 'MFC' on the Toronto, New York, and the Philippine stock exchanges and under '945' in Hong Kong.

Manulife is an equal opportunity employer. We strive to attract, develop and retain a workforce that is as diverse as the customers we serve and to foster an inclusive work environment that embraces the strength of cultures and individuals. We are committed to fair recruitment, retention and advancement and we administer all of our practices and programs based on qualification and performance and without discrimination on any protected ground.

It is our priority to remove barriers to provide equal access to employment. A Human Resources representative will consult with applicants contacted to participate at any stage of the recruitment process who request any accommodation. Information received regarding the accommodation needs of applicants will be addressed confidentially.


Similar Jobs

Sr IT Compliance Analyst


Posted 7 days ago

Our Opportunity: Chewy is looking for a Senior IT Governance, Risk & Compliance (GRC) Analyst to join our Information Technology Team based in Boston, MA or Dania Beach, FL and the ideal candidate would be able to:

What you'll do:

  • Oversee processes on development and maintenance of information security policies, standards, and procedures to address risk and security compliance requirements;

  • Work with IT Leadership to support the execution of strategies and objectives in accordance with IT Compliance frameworks, guidelines and requirements;

  • Advise and train IT process owners on best practices related to IT General Controls, IT security, remediation of any issues and deficiencies;

  • Conduct risk assessments of information systems which includes creating asset profiles, evaluating threat likelihood and impact, and identifying mitigating controls to determine inherent and residual risk to systems;

  • Help IT management to maintain an effective SOX control environment and ensure adequate controls are in place to mitigate risks;

  • Support ongoing internal audit reviews to ensure all required documentation is provided

  • Work with the IT Teams in the completion of the SOX certification for new systems and during significant upgrades/updates of existing systems;

  • Monitor and test IT compliance metrics for SOX, PCI, Cybersecurity, and Privacy to ensure the program is meeting regulatory requirements and internal corporate goals and timelines;

  • Lead the ongoing development, implementation, and enforcement of security awareness training programs, requirements and initiatives;

  • Develop training, newsletters and other educational material that is engaging and promotes adoption of security & compliance best practices;

  • Responsible for supporting Data Privacy activities including PCI and CCPA compliance.

  • Review SSAE 18 and/or third-party assessments/reviews performed by external parties.

Must have(s):

  • Sustainable knowledge of compliance requirements associated with SOX (ITGCs & ITACs), Cybersecurity and PCI;

  • Extensive knowledge of general information security best practices and standards such as ISO 27000, COBIT 5, NIST SP 800 series, NIST CSF;

  • Solid knowledge/experience in Software development life cycle, DevOps, networks, databases, operating systems, application controls and IT operations;

  • General understanding of internal audit methodologies and processes;

  • Work with Internal Audit, external auditors, IT management and staff to identify feasible implementation of controls and resolutions to manage weaknesses and create opportunities for improvement;

  • Ability to create and maintain IT policies & procedures, management and executive level reports on effectiveness of IT governance controls and exceptions;

  • Excellent interpersonal and presentation skills.

  • Ability to perform assigned tasks and responsibilities with moderate supervision, which includes planning, executing and reporting on required compliance tasks within assigned timelines

  • 5+ years of IT experience covering Internal or External IT audit, Risk Management, vulnerability management, data security, regulatory compliance, vendor management, incident response

  • Bachelor's Degree in Information Systems, Risk Management, Business Administration, or a related field

  • At least one of the following certifications: CISA, CISM or CISSP

Nice to have(s):

  • Prior experience in eCommerce or start-up organization

  • Prior experience with implementing Service Now, GRC tool or ITSM solutions

  • Prior experience in automating controls and control testing, data analytics and Agile methodology

  • Prior experience in the following areas: risk management, internal or external IT audit, vulnerability management, data security, regulatory compliance, vendor management, incident response

  • ITIL, PMP, Six Sigma certification a plus.

If you have a disability under the Americans with Disabilities Act or similar law, or you require a religious accommodation, and you wish to discuss potential accommodations related to applying for employment at our company, please contact Chewy Boston MA
