Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference and a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
John Hancock Retirement Pension Services (JHRPS) is embarking on a SOC2 (Service Organization Controls) assessment and as such needs an individual to be the prime contact for the extended process. The candidate will be the interface between the external Auditor, Business, IT, and Divisional resources to ensure the SOC2 is completed as required and meets RPS needs. The candidate will also be the control resource that will ensure that any adjustments and changes to processes and technology that are implemented as part of the SOC2 are maintained year over year, as the SOC2 will be an ongoing exercise.
This is an era of rapid changes. To remain competitive, not just locally but globally, Manulife / John Hancock is required to continuously explore new products, new customer groups, new distribution channels, new agents or partnerships etc. Given these rapid changes, it is important that JHRPS remains competitive and flexible, and is able to demonstrate value for our clients. In the current environment of risk and security, clients and regulators are requiring a higher level of attestation that data controls are in place and working effectively.
- Support the SOC2 (Service Organization Controls) execution that primarily deals with the areas of Security, Availability and Confidentiality for a number of existing RPS (Retirement Plan Services) application environments in both the TRS and Signature lines of business.
- Be the prime contact with the external auditor and internal JHRPS resources for the SOC2.
- Support and execute technology changes (application management, IT operation and infrastructure, etc.) for the SOC2 audit in accordance with methodology and standards.
- Working with a team, ensure that audit programs and audit testing are comprehensive at addressing the significant risks.
- With oversight, assist business unit or IT management by providing risk management support and education.
- Involvement in preparation of reports, making practical and value-added recommendations to improve risk management practices and the efficiency and effectiveness of operations; audit reports are to be clear, concise and well-organized, and issued within departmental service standards and according to departmental quality standards.
- Working with a team, identify findings and recommendations to business unit management; assist in resolution of contentious issues and reaching agreement on appropriate solutions to risk management and operational efficiency issues.
- Ability to understand the SOC2 assessment process and basic risk implications introduced by technology on the business, the applications, and in the systems configurations as well as the technology management processes.
- Knowledge of audit processes, technology platforms for both networks and servers, specific security and control related applications such as Active Directory, control frameworks and risk management practices, and regulatory requirements, as well as fundamentals of information security management and practices.
- Strong communication skills. Demonstrated ability to effectively communicate issues and recommendations orally and in writing, and to listen and consider ideas of others.
- Sound judgment and common sense.
- Customer focus and commitment to quality.
- Ability to balance multiple priorities and assignments and to prioritize work to the areas of highest risk.
- Proven relationship skills including a demonstrated ability to work collaboratively with project teams and auditees as well as working independently as needed.
- Working knowledge of retirement plan services and wealth management operations and company policies is an asset.
- University degree with at least 1-3 years internal or external IT audit experience
- IT Audit certification (CISA/CISM) preferable