Director, Cybersecurity Regulatory Compliance Program (John Hancock)

Remote Full-time
About the position

Responsibilities
• Develop and deliver on the John Hancock Cybersecurity Regulatory Compliance Program strategy, operating model, and execution plans.
• Maintain ongoing knowledge and understanding of applicable regulatory and industry requirements and provide subject matter expertise on new and changing laws and regulations.
• Advise subject matter experts on applicable regulatory and industry requirements, identify compliance issues, and help develop corrective action plans where needed.
• Collaborate with other Cybersecurity, Resilience & Governance leads to collectively monitor and maintain effective cybersecurity operations and technical controls.
• Report on cybersecurity regulatory compliance initiatives, posture, and key areas of risk to senior and executive leadership, and provide close support to the CISO on annual board reporting.
• Lead and manage cybersecurity due diligence for our US distribution partners (agents and producers).
• Lead and coordinate responses for all external inquiries (i.e. regulatory exams, client security questionnaires) on cybersecurity operations and technical controls.
• Lead and manage the US Segment IT organization through the Information Risk Management policies and standards refresh process, ensuring key stakeholders understand proposed changes and facilitating feedback.
• Support other IT and security initiatives as needed.

Requirements
• 4+ years of audit, risk, legal, and/or compliance experience.
• Insurance or financial industry and/or IT and information security experience preferred.
• Bachelor's degree or 4 additional years of related experience.
• Master's degree or Juris Doctor a plus.
• Related industry certification (e.g., CRISC, CISSP, CISA) a plus.
• Strong time management and organizational skills.
• Strong written and verbal communication skills.
• Strong working knowledge of Microsoft Office tools.
• Experience with Archer eGRC a plus.

Nice-to-haves
• Knowledge of cybersecurity laws and regulations, including HIPAA, SEC/OCIE, OSFI, NYDFS Cybersecurity Regulation and/or other state adoptions of NAIC model laws.
• Knowledge of industry standards and cybersecurity frameworks, including ISO 27000, NIST, COBIT, COSO, and/or ITIL.
• Experience conducting risk assessments and/or compliance reviews and applying risk management frameworks aligned with regulatory and industry requirements.
• Experience responding to regulatory exam and audit requests, including collection, review, and submission of documentation and/or preparing subject matter experts for interviews.
• Experience providing a service-oriented approach to managing risk and compliance with cross-functional, global, and enterprise-wide teams.

Benefits
• Health, dental, mental health, vision, short- and long-term disability, life and AD&D insurance coverage.
• Adoption/surrogacy and wellness benefits.
• Employee/family assistance plans.
• Retirement savings plans (including pension/401(k) savings plans and a global share ownership plan with employer matching contributions).
• Financial education and counseling resources.
• Generous paid time off program including up to 11 paid holidays, 3 personal days, 150 hours of vacation, and 40 hours of sick time.