Director, IT Controls Assurance

We are a leading financial services provider committed to making decisions easier and lives better for our customers and colleagues around the world. From our environmental initiatives to our community investments, we lead with values throughout our business. To help us stand out, we help you step up, because when colleagues are healthy, respected and meaningfully challenged, we all thrive. Discover how you can grow your career, make impact and drive real change with our Winning Team today.

**Working Arrangement**

Hybrid

**The opportunity**

This position plays a key role in the daily execution and monitoring of our operational risk framework, Controls Assurance & Information Security.

You will work and collaborate with the leadership team to ensure adherence to the company’s risk management requirements and related policies.

You will Partner with ETS and segments to establish and assess mitigating controls for operational risk, monitor and report on operational risk profile and adherence to risk appetite, and report on residual operational risk and related deficiencies.

**Responsibilities**:

- Assess the materiality of risks
- Establish appropriate mitigating controls relative to the inherent operational risk and assessing the design and efficiency of these controls
- Coordinate and report on operational risk profile and ensuring adherence to established operational risk appetite and tolerance
- Report on the residual operational risk, which is not mitigated by controls including, operational risk events, control deficiencies, personnel, and process inadequacies.
- Evaluate current risks and identify emerging risks facing the business unit, and ensure that controls are accurately focused
- Coordinate and facilitate periodic Risk Control Assessments of Insurance operating areas
- Respond to Key Risk Audit findings and assist in the development of remediation plans
- Drive the continuous improvement of the Insurance risk management framework, methodology, tools, and reporting

**How will you create **impact **?**
- Identify and assess the inherent operational risk within our Product Management, Pricing, Distribution, Marketing, Reinsurance, and Finance/Actuarial areas, while coordinating the efforts of other functional risk managers who support the business group
- Ensure strong coordination and communication with Audit Services, Functional areas and country Compliance team and other areas as applicable
- Ensure timely and accurate customer concern of material issues and non-compliant activities through the proper leadership channels
- Gather intelligence from Insurance business leaders and team members to update and improve the unit’s quarterly Risk Register
- Manage the business unit operational incident and loss reporting program. Work closely with all Insurance functional areas to ensure/coordinate disclosure and facilitate formal reporting to internal and external audiences.
- Collaborate with country Risk Management team to identify and share standard methodologies with respect to risk management and controls
- Maintaining responsiveness to global Risk Management and Audit Services teams is essential for ensuring compliance with requirements and standards.
- Promote a strong risk management culture throughout the John Hancock Insurance unit.

**What motivates you?**
- You obsess about customers, listen, engage and act for their benefit.
- You think big, with curiosity to discover ways to use your agile approach and enable business outcomes.
- You thrive in teams and enjoy getting things done together.
- You take ownership and build solutions, focusing on what matters.
- You do what is right, work with integrity and speak up.
- You share your humanity, helping us build a diverse and inclusive work environment for everyone.

**What we are looking for**
- 5 to 7 years of experience in technology audit, SOX IT audit, or technology RCSA
- Proficient in reviewing processes, identifying risks, and mapping controls to mitigate those risks
- Skilled in documenting end-to-end processes to serve as a reference for team members
- Experience in cybersecurity, network security, IAM, or cloud security solutions, endpoints, Azure technologies, SIEM/SOAR
- Strong understanding of controls, audit, and risk management, with excellent analytical and problem-solving skills
- Bachelor's degree related to information systems, computer science, or information system auditing
- Professional certification(s) related to audit or information risk management such as CISA, CISSP, CISM, GIAC, CRISC preferred

**What can we offer you?**
- A competitive salary and benefits packages.
- A growth trajectory that extends upward and outward, encouraging you to follow your passions and learn new skills.
- A focus on growing your career path with us.
- Flexible work policies and strong work-life balance.
- Professional development and leadership opportunities.

**Our commitment to you**
- Values-first culture
We lead with our Valu